oss-sec mailing list archives
[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability
From: Frédéric Basse <basse.frederic () gmail com>
Date: Fri, 16 May 2014 01:08:59 +0200
[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability
________________________________________________________________________

Summary:
DirectFB is prone to an out-of-bounds write vulnerability since version 1.4.4.
The vulnerability can be triggered remotely without authentication through
the Voodoo interface (network layer of DirectFB).
________________________________________________________________________

Details:
An attacker can choose to overflow in the heap or the stack.
________________________________________________________________________

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
________________________________________________________________________

Disclosure Timeline:
2014-03-27 Developer notified
2014-04-21 CVE-2014-2978 assigned
2014-05-16 Public advisory
________________________________________________________________________

References:
http://www.directfb.org/
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
________________________________________________________________________