MidnightBSD

Advisories for directfb

CVE-2014-2977 HIGH

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
suse linux_enterprise_workstation_extension 12
suse suse_linux_enterprise_server 12
suse linux_enterprise_software_development_kit 12
directfb directfb 1.4.13
suse linux_enterprise_desktop 12
CVE-2014-2978 HIGH

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
directfb directfb 1.4.4
suse linux_enterprise_workstation_extension 12
suse suse_linux_enterprise_server 12
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12