Description
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 5 | |||
| xorg-x11-server-0:1.1.1-48.107.el5_11 | cpe:/o:redhat:enterprise_linux:5 | RHSA-2014:1982 | 2014-12-11T00:00:00Z |
| Red Hat Enterprise Linux 6 | |||
| xorg-x11-server-0:1.15.0-25.el6_6 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2014:1983 | 2014-12-11T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| xorg-x11-server-0:1.15.0-7.el7_0.3 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2014:1983 | 2014-12-11T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-120-1 | xorg-server security update |
 Debian DSA |
DSA-3095-1 | xorg-server security update |
 EUVD |
EUVD-2014-7947 | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. |
 Ubuntu USN |
USN-2436-1 | X.Org X server vulnerabilities |
References
History
Fri, 29 Aug 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
X.org x Server
|
|
| CPEs | cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | |
| Vendors & Products |
X.org xorg-server
|
X.org x Server
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T13:10:50.327Z
Reserved: 2014-10-10T00:00:00.000Z
Link: CVE-2014-8100
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-12-10T15:59:13.050
Modified: 2025-08-29T13:42:30.557
Link: CVE-2014-8100
Redhat
OpenCVE Enrichment
No data.