CVE-2014-8099 Information

Description

The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.

Reference

http://advisories.mageia.org/MGASA-2014-0532.html
http://secunia.com/advisories/61947
http://secunia.com/advisories/62292
http://www.debian.org/security/2014/dsa-3095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/71600
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://security.gentoo.org/glsa/201504-06
