Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Suse Linux enterprise software development kit 12 (not an official CPE)
Suse Linux enterprise desktop 12 (not an official CPE)
Opensuse Opensuse 13.2 (not an official CPE)
Opensuse Opensuse 13.1 (not an official CPE)
Suse Linux enterprise workstation extension 12 (not an official CPE)
Suse Suse linux enterprise server 12 (not an official CPE)