Unrated severityNVD Advisory· Published Jun 11, 2014· Updated May 6, 2026
CVE-2014-2977
CVE-2014-2977
Description
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
Affected products
7- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- advisories.mageia.org/MGASA-2015-0176.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.htmlnvd
- mail.directfb.org/pipermail/directfb-dev/2014-March/006805.htmlnvd
- secunia.com/advisories/58448nvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2014/05/15/9nvd
- security.gentoo.org/glsa/201701-55nvd
News mentions
0No linked articles in our index yet.