DirectFB is prone to an out-of-bound write vulnerability since version 1.4.4.
The vulnerability can be triggered remotely without authentication through Voodoo interface (network layer of DirectFB).
DetailsAn attacker can choose to overflow in the heap or the stack.
CVSS Version 2 Metrics
- Access Vector: Network exploitable
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
- 2014-03-27 Developer notified
- 2014-04-21 CVE-2014-2978 assigned
- 2014-05-16 Public advisory