DirectFB is prone to an integer signedness vulnerability since version 1.4.13.
The vulnerability can be triggered remotely without authentication through the Voodoo interface (network layer of DirectFB).
Details
This integer coercion error may lead to a stack overflow.
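The bug class named above, shown as an added example that is not DirectFB or Voodoo code and does not come from the advisory: a length taken from a network message passes a signed bounds check, next to a parser that rejects it. The function names, the 64-byte buffer and the message layout (4-byte host-order length followed by the payload) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* constructed capacity, not a DirectFB value */

/* Flawed check: the length is signed, so any negative value satisfies
 * "len <= BUF_SIZE" and is accepted. Returns 1 when accepted. */
static int flawed_check(int32_t len)
{
    return len <= BUF_SIZE;
}

/* The size a copy routine would see: passing the signed value as size_t
 * turns a negative length into a huge unsigned one. */
static size_t coerced_size(int32_t len)
{
    return (size_t)len;
}

/* Hardened parser for a hypothetical message: 4-byte host-order length,
 * then payload. Returns bytes copied, or -1 if the message is rejected. */
static int copy_payload(uint8_t *dst, size_t dst_size,
                        const uint8_t *msg, size_t msg_len)
{
    uint32_t len;
    if (msg_len < sizeof len)
        return -1;
    memcpy(&len, msg, sizeof len);
    /* Unsigned compare against the destination and the bytes received. */
    if (len > dst_size || len > msg_len - sizeof len)
        return -1;
    memcpy(dst, msg + sizeof len, len);
    return (int)len;
}

int main(void)
{
    uint8_t buf[BUF_SIZE], msg[8] = {0};
    uint32_t wire = 0xFFFFFFFFu; /* constructed length field (-1 as int32) */
    memcpy(msg, &wire, sizeof wire);
    printf("flawed check accepts -1: %d\n", flawed_check(-1));
    printf("size seen by the copy:   %zu\n", coerced_size(-1));
    printf("hardened parser returns: %d\n",
           copy_payload(buf, sizeof buf, msg, sizeof msg));
    return 0;
}
```

The hardened version never holds the wire length in a signed type and bounds it by both the destination size and the number of bytes actually received.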
CVSS Version 2 Metrics
- Access Vector: Network exploitable
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
- 2014-03-27 Developer notified
- 2014-04-21 CVE-2014-2977 assigned
- 2014-05-16 Public advisory