1. Home
  2. CVE Database
  3. CVE-2014-8100
MEDIUM · 6.5

CVE-2014-8100

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of...

Vulnerability Description

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
X.OrgXfree864.0.1
X.OrgX Server<= 1.16.2.99.901
X.OrgX116.7

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2014-8100?

CVE-2014-8100 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of...

How severe is CVE-2014-8100?

CVE-2014-8100 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8100?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Xfree86, X.Org X Server, X.Org X11.