CVE-2014-8095

Priority
Description
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and
X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote
authenticated users to cause a denial of service (out-of-bounds read or
write) or possibly execute arbitrary code via a crafted length or index
value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl,
(3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5)
SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8)
SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice,
(11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13)
ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15)
ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17)
SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19)
SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice,
(22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24)
SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or
(27) SProcXIWarpPointer function.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2:1.16.2.901-1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [2:1.15.1-0ubuntu2.4])
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE
More Information

Updated: 2019-12-05 18:38:29 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)