PT-2014-5000 · Directfb+1

Frédéric Basse · Published 2014-06-11 · Updated 2024-06-15 · CVE-2014-2978

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DirectFB version 1.4.4

Description

The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c.

Recommendations

For DirectFB version 1.4.4, consider disabling the Voodoo interface as a temporary workaround until a patch is available. Restrict access to the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2014-2978
MGASA-2015-0176
OPENSUSE-SU-2015_0807-1
OPENSUSE-SU-2024:10535-1
SUSE-SU-2015:0839-1

Affected Products

Directfb
Suse