CVE-2014-8100

{"id": "CVE-2014-8100", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-10T15:59:13.050", "references": [{"url": "http://advisories.mageia.org/MGASA-2014-0532.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/61947", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62292", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2014/dsa-3095", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/71602", "source": "secalert@redhat.com"}, {"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201504-06", "source": "secalert@redhat.com"}, {"url": "http://advisories.mageia.org/MGASA-2014-0532.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/61947", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/62292", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-3095", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/71602", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201504-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function."}, {"lang": "es", "value": "La extensi\u00f3n Render en XFree86 4.0.1, X.Org X Window System (tambi\u00e9n conocido como X11 o X) X11R6.7, y X.Org Server (tambi\u00e9n conocido como xserver y xorg-server) anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor de longitud o de indice manipulado en la funci\u00f3n (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, o (15) SProcRenderCompositeGlyphs."}], "lastModified": "2024-11-21T02:18:33.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:xfree86:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F5FE68-ACFB-461B-A66E-6B55D32B520D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CE05AA-E4DA-42C5-A5CA-FBC6B8B6A147", "versionEndIncluding": "1.16.2.99.901"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x11:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD8916AC-DE3B-4BE0-9430-3F234A0170A9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}