Vulnerability identifier: #VU41020

Vulnerability risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-8094

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
xorg-server
Other software / Other software solutions
Oracle Solaris
Operating systems & Components / Operating system
Debian Linux
Operating systems & Components / Operating system

Vendor: xorg.freedesktop.org
Oracle
Debian

Description

The vulnerability allows remote authenticated users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xorg-server: 1.7.0 - 1.16.2.901

Oracle Solaris: 1.7.0 - 11.2

Debian Linux: 1.7.0 - 11.2

---

External links
http://advisories.mageia.org/MGASA-2014-0532.html
http://secunia.com/advisories/61947
http://secunia.com/advisories/62292
http://www.debian.org/security/2014/dsa-3095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/71601
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
http://security.gentoo.org/glsa/201504-06

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.