PT-2014-4999 · Directfb+1 · Directfb+1

Frédéric Basse

Published

2014-06-11

Updated

2024-06-15

CVE-2014-2977

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DirectFB version 1.4.13

Description The issue is related to multiple integer signedness errors in the Dispatch Write function, which can be triggered via the Voodoo interface. This can lead to a denial of service (crash) and potentially allow the execution of arbitrary code due to a stack-based buffer overflow.

Recommendations For DirectFB version 1.4.13, consider applying a patch or fix that addresses the integer signedness errors in the Dispatch Write function to prevent potential exploitation. As a temporary workaround, restrict access to the Voodoo interface to minimize the risk of a denial of service or arbitrary code execution.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2014-2977

MGASA-2015-0176

OPENSUSE-SU-2015_0807-1

OPENSUSE-SU-2024:10535-1

SUSE-SU-2015:0839-1

SUSE-SU-2015_0839-1

Affected Products

Directfb

Suse

PT-2014-4999 · Directfb+1 · Directfb+1

CVE-2014-2977

Weakness Enumeration

Related Identifiers

Affected Products

References · 25