CVE-2014-2978 - OpenCVE

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Directfb	Directfb
Opensuse	Opensuse
Suse	Linux Enterprise Desktop Linux Enterprise Software Development Kit Linux Enterprise Workstation Extension Suse Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:a:directfb:directfb:1.4.4:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

No data.

References

Link	Providers
http://advisories.mageia.org/MGASA-2015-0176.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
http://secunia.com/advisories/58448
http://www.mandriva.com/security/advisories?name=MDVSA-2015:223
http://www.openwall.com/lists/oss-security/2014/05/15/10
https://security.gentoo.org/glsa/201701-55

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-11T14:00:00

Updated: 2024-08-06T10:28:46.419Z

Reserved: 2014-04-21T00:00:00

Link: CVE-2014-2978

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-06-11T14:55:07.550

Modified: 2018-10-30T16:27:37.717

Link: CVE-2014-2978

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDVSA-2015:223", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:223"}, {"name": "SUSE-SU-2015:0839", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html"}, {"name": "GLSA-201701-55", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-55"}, {"name": "openSUSE-SU-2015:0807", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html"}, {"name": "[directfb-dev] 20140327 IDirectFBSurface Dispatch_Write bugs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0176.html"}, {"name": "[oss-security] 20140516 [CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/10"}, {"name": "58448", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2978", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2015:223", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:223"}, {"name": "SUSE-SU-2015:0839", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html"}, {"name": "GLSA-201701-55", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-55"}, {"name": "openSUSE-SU-2015:0807", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html"}, {"name": "[directfb-dev] 20140327 IDirectFBSurface Dispatch_Write bugs", "refsource": "MLIST", "url": "http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html"}, {"name": "http://advisories.mageia.org/MGASA-2015-0176.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0176.html"}, {"name": "[oss-security] 20140516 [CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/10"}, {"name": "58448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58448"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.419Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2015:223", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:223"}, {"name": "SUSE-SU-2015:0839", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html"}, {"name": "GLSA-201701-55", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-55"}, {"name": "openSUSE-SU-2015:0807", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html"}, {"name": "[directfb-dev] 20140327 IDirectFBSurface Dispatch_Write bugs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0176.html"}, {"name": "[oss-security] 20140516 [CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/10"}, {"name": "58448", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58448"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2978", "datePublished": "2014-06-11T14:00:00", "dateReserved": "2014-04-21T00:00:00", "dateUpdated": "2024-08-06T10:28:46.419Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:directfb:directfb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "01A1F294-EE88-473A-B164-783BDA28BA52", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "matchCriteriaId": "9DFA18B6-2642-470A-A350-68947529EE5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write."}, {"lang": "es", "value": "La funci\u00f3n Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de la interfaz Voodoo, lo que provoca una escritura fuera de rango."}], "id": "CVE-2014-2978", "lastModified": "2018-10-30T16:27:37.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-11T14:55:07.550", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0176.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/58448"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:223"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/10"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-55"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}