CVE-2014-8100 Information

Description

The Render extension in XFree86 4.0.1 X.Org X Window System (aka X11 or X) X11R6.7 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion (2) SProcRenderQueryVersion (3) SProcRenderQueryPictFormats (4) SProcRenderQueryPictIndexValues (5) SProcRenderCreatePicture (6) SProcRenderChangePicture (7) SProcRenderSetPictureClipRectangles (8) SProcRenderFreePicture (9) SProcRenderComposite (10) SProcRenderScale (11) SProcRenderCreateGlyphSet (12) SProcRenderReferenceGlyphSet (13) SProcRenderFreeGlyphSet (14) SProcRenderFreeGlyphs or (15) SProcRenderCompositeGlyphs function.

Reference

http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71602 http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ https://security.gentoo.org/glsa/201504-06