[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-2977Date: (C)2014-06-16   (M)2023-12-22


Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-58448
GLSA-201701-55
MDVSA-2015:223
SUSE-SU-2015:0839
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
http://www.openwall.com/lists/oss-security/2014/05/15/9
http://advisories.mageia.org/MGASA-2015-0176.html
openSUSE-SU-2015:0807

CPE    3
cpe:/o:suse:suse_linux_enterprise_server:12
cpe:/o:opensuse:opensuse:13.1
cpe:/a:directfb:directfb:1.4.13
CWE    1
CWE-189

© SecPod Technologies