CVE-2014-8103

Name of the Vulnerable Software and Affected Versions xorg-x11-server versions 1.15.0 through 1.16.x before 1.16.3 xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-debuginfo version 1.15.0 xorg-x11-server-common version 1.15.0 xorg-x11-server-devel version 1.15.0 xorg-x11-server-Xvfb version 1.15.0 xorg-x11-server-Xorg version 1.15.0

Description The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted length or index values to certain functions in the DRI3 or Present extension. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For xorg-x11-server versions 1.15.0 through 1.16.x before 1.16.3, update to version 1.16.3 or later to resolve the issue. For xorg-x11-server-Xdmx version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-Xnest version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-Xephyr version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-source version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-debuginfo version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-common version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-devel version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-Xvfb version 1.15.0, update to a newer version that contains a fix for this issue. For xorg-x11-server-Xorg version 1.15.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the affected functions in the DRI3 or Present extension until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.