UBUNTU-CVE-2014-0981

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2014-0981

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0981.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-0981

Upstream

CVE-2014-0981

Withdrawn

2025-07-18T16:42:59Z

Published

2014-03-31T14:58:00Z

Modified

2025-07-16T07:31:40.622024Z

Severity

Ubuntu - medium

Summary

[none]

Details

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CRMESSAGEREADBACK or (2) CRMESSAGEWRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

References

Affected packages

Ubuntu:14.04:LTS / virtualbox

Package

Name: virtualbox
Purl: pkg:deb/ubuntu/virtualbox@4.3.10-dfsg-1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-dfsg-1

Affected versions

4.*

4.2.16-dfsg-3

4.2.16-dfsg-3ubuntu1

4.3.2-dfsg-1

4.3.2-dfsg-1ubuntu1

4.3.2-dfsg-1ubuntu2

4.3.6-dfsg-1

4.3.6-dfsg-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-dbg"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-dkms"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-guest-dkms"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-guest-source"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-guest-utils"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-guest-x11"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-qt"
        },
        {
            "binary_version": "4.3.10-dfsg-1",
            "binary_name": "virtualbox-source"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0981.json"