UBUNTU-CVE-2014-0983

Source
https://ubuntu.com/security/CVE-2014-0983
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0983.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-0983
Upstream
  • CVE-2014-0983
Withdrawn
2025-07-18T16:42:59Z
Published
2014-03-31T14:58:00Z
Modified
2025-07-16T07:31:40.690464Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.

Affected packages

Ubuntu:14.04:LTS / virtualbox

Package

Name
virtualbox
Purl
pkg:deb/ubuntu/virtualbox@4.3.10-dfsg-1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.3.10-dfsg-1

Affected versions

4.*
4.2.16-dfsg-3
4.2.16-dfsg-3ubuntu1
4.3.2-dfsg-1
4.3.2-dfsg-1ubuntu1
4.3.2-dfsg-1ubuntu2
4.3.6-dfsg-1
4.3.6-dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "virtualbox",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-dbg",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-dkms",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-guest-dkms",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-guest-source",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-guest-utils",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-guest-x11",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-qt",
            "binary_version": "4.3.10-dfsg-1"
        },
        {
            "binary_name": "virtualbox-source",
            "binary_version": "4.3.10-dfsg-1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0983.json"