CVE-2014-2978
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
11/06/2014
Last modified:
12/04/2025
Description
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:directfb:directfb:1.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://advisories.mageia.org/MGASA-2015-0176.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
- http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
- http://secunia.com/advisories/58448
- http://www.mandriva.com/security/advisories?name=MDVSA-2015%3A223
- http://www.openwall.com/lists/oss-security/2014/05/15/10
- https://security.gentoo.org/glsa/201701-55
- http://advisories.mageia.org/MGASA-2015-0176.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
- http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
- http://secunia.com/advisories/58448
- http://www.mandriva.com/security/advisories?name=MDVSA-2015%3A223
- http://www.openwall.com/lists/oss-security/2014/05/15/10
- https://security.gentoo.org/glsa/201701-55