CVE-2014-8101

Name of the Vulnerable Software and Affected Versions X.Org Server versions prior to 1.16.3 XFree86 version 4.2.0 X.Org X Window System version X11R6.7 xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-debuginfo version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-Xvfb version 1.15.0 xorg-x11-server-debuginfo version 1.1.1 xorg-x11-server-common version 1.15.0 xorg-x11-server version 1.15.0 xorg-x11-server-Xorg version 1.15.0 xorg-x11-server-devel version 1.15.0 xorg-x11-server-Xvnc-source version 1.1.1

Description The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted length or index values to the SProcRRQueryVersion, SProcRRGetScreenInfo, SProcRRSelectInput, or SProcRRConfigureOutputProperty functions. This can lead to out-of-bounds read or write operations. The vulnerability can be exploited by a remote attacker who has passed the authentication procedure.

Recommendations For X.Org Server versions prior to 1.16.3, update to version 1.16.3 or later. For XFree86 version 4.2.0, consider upgrading to a newer version of X.Org Server. For xorg-x11-server-Xdmx version 1.15.0, xorg-x11-server-debuginfo version 1.15.0, xorg-x11-server-Xnest version 1.15.0, xorg-x11-server-Xephyr version 1.15.0, xorg-x11-server-source version 1.15.0, xorg-x11-server-Xvfb version 1.15.0, xorg-x11-server-debuginfo version 1.1.1, xorg-x11-server-common version 1.15.0, xorg-x11-server version 1.15.0, xorg-x11-server-Xorg version 1.15.0, xorg-x11-server-devel version 1.15.0, and xorg-x11-server-Xvnc-source version 1.1.1, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available.