CVE Vulnerabilities

CVE-2014-2977

Published: Jun 11, 2014 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Opensuse Opensuse 13.1 (including) 13.1 (including)
Opensuse Opensuse 13.2 (including) 13.2 (including)
Linux_enterprise_desktop Suse 12 (including) 12 (including)
Linux_enterprise_software_development_kit Suse 12 (including) 12 (including)
Linux_enterprise_workstation_extension Suse 12 (including) 12 (including)
Suse_linux_enterprise_server Suse 12 (including) 12 (including)
Directfb Ubuntu upstream *

References