CVE-2014-9766 - OpenCVE

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Pixman	Pixman

Configuration 1 [-]

cpe:2.3:a:pixman:pixman:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

References

Link	Resource
http://www.debian.org/security/2016/dsa-3525
http://www.openwall.com/lists/oss-security/2016/02/24/13
http://www.openwall.com/lists/oss-security/2016/02/24/15
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.ubuntu.com/usn/USN-2918-1
https://bugs.freedesktop.org/show_bug.cgi?id=69014
https://bugzilla.redhat.com/show_bug.cgi?id=972647
https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3
https://lists.freedesktop.org/archives/pixman/2014-April/003244.html	Vendor Advisory
https://lists.x.org/archives/xorg-announce/2014-July/002452.html	Vendor Advisory Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-13T14:00:00

Updated: 2016-11-30T18:57:01

Reserved: 2016-02-24T00:00:00

Link: CVE-2014-9766

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-13T14:59:01.267

Modified: 2016-12-03T03:02:14.157

Link: CVE-2014-9766

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-30T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=69014"}, {"name": "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html"}, {"name": "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972647"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/02/24/15"}, {"name": "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.x.org/archives/xorg-announce/2014-July/002452.html"}, {"name": "USN-2918-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2918-1"}, {"name": "DSA-3525", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3525"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9766", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.freedesktop.org/show_bug.cgi?id=69014", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=69014"}, {"name": "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t", "refsource": "MLIST", "url": "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html"}, {"name": "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/24/13"}, {"name": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=972647", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972647"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/24/15"}, {"name": "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available", "refsource": "MLIST", "url": "https://lists.x.org/archives/xorg-announce/2014-July/002452.html"}, {"name": "USN-2918-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2918-1"}, {"name": "DSA-3525", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3525"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9766", "datePublished": "2016-04-13T14:00:00", "dateReserved": "2016-02-24T00:00:00", "dateUpdated": "2016-11-30T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixman:pixman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7B40883-BD42-4B33-ACC4-D71BF6522472", "versionEndIncluding": "0.32.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n create_bits en pixman-bits-image.c en Pixman en versiones anteriores a 0.32.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de valores grandes de height y stride."}], "id": "CVE-2014-9766", "lastModified": "2016-12-03T03:02:14.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-13T14:59:01.267", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3525"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/02/24/13"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/02/24/15"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2918-1"}, {"source": "cve@mitre.org", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=69014"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972647"}, {"source": "cve@mitre.org", "url": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Patch"], "url": "https://lists.x.org/archives/xorg-announce/2014-July/002452.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}