CVE-2014-2977

2014-06-11 16:55:07 2018-10-30 17:27:37

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Suse Linux enterprise software development kit 12 (not an official CPE) Suse Linux enterprise desktop 12 (not an official CPE) Opensuse Opensuse 13.2 (not an official CPE) Opensuse Opensuse 13.1 (not an official CPE) Suse Linux enterprise workstation extension 12 (not an official CPE) Suse Suse linux enterprise server 12 (not an official CPE)

DirectFB 1.4.13

Suse - Linux enterprise software development kit Suse - Linux enterprise desktop Opensuse - Opensuse Directfb - Directfb Suse - Linux enterprise workstation extension Suse - Suse linux enterprise server

Advisory	Patch	Confirmed	Link
			[oss-security] 20140516 [CVE-2014-2977] DirectFB integer...
			MDVSA-2015:223
			[directfb-dev] 20140327 IDirectFBSurface Dispatch_Write ...
			SUSE-SU-2015:0839
			openSUSE-SU-2015:0807
			http://advisories.mageia.org/MGASA-2015-0176.html
			GLSA-201701-55

CVE-2014-2977

2014-06-11 16:55:07 2018-10-30 17:27:37

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)