Date: Fri, 16 May 2014 01:08:59 +0200
From: Frédéric Basse <basse.frederic@...il.com>
To: oss-security@...ts.openwall.com
Subject: [CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability

[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability
________________________________________________________________________
Summary:
DirectFB is prone to an out-of-bounds write vulnerability since version
1.4.4.

The vulnerability can be triggered remotely without authentication
through the Voodoo interface (the network layer of DirectFB).
________________________________________________________________________
Details:
An attacker can choose whether the overflow occurs in the heap or on the stack.
________________________________________________________________________
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
________________________________________________________________________
Disclosure Timeline:
2014-03-27 Developer notified
2014-04-21 CVE-2014-2978 assigned
2014-05-16 Public advisory
________________________________________________________________________
References:
http://www.directfb.org/
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
________________________________________________________________________

