Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
https://bugzilla.redhat.com/show_bug.cgi?id=443078 "The PVFB backend is a user space program running as root in dom0"