CVE-2014-8095 Information

Description

The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.

Reference

http://advisories.mageia.org/MGASA-2014-0532.html
http://secunia.com/advisories/61947
http://secunia.com/advisories/62292
http://www.debian.org/security/2014/dsa-3095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/71599
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://security.gentoo.org/glsa/201504-06
