PT-2013-1065 · X.Org+3 · Libxi+20
Ilja Van Sprundel · Published 2013-06-15 · Updated 2024-06-15 · CVE-2013-1997
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libX11 versions 1.5.99.901 through 1.6.0
xorg-server versions prior to 1.14.3-r2
libXext versions 1.3.2
libXt versions 1.1.4
libXfixes versions 5.0.1
libXinerama versions 1.1.3
libXp versions 1.0.2
libXtst versions 1.2.2
libXi versions 1.7.2
libXres versions 1.0.7
libXcursor versions 1.1.14
libXrandr versions 1.4.1
libXv versions 1.0.9
libXvMC versions 1.0.8
libXxf86vm versions 1.1.3
libXxf86dga versions 1.1.4
xcb-proto versions 1.8
libXrender versions 0.9.8
Description
Multiple vulnerabilities affect various X.org library packages, including libX11, libXext, libXt, libXfixes, libXinerama, libXp, libXtst, libXi, libXres, libXcursor, libXrandr, libXv, libXvMC, libXxf86vm, libXxf86dga, xcb-proto, and libXrender. They can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information. Crafted length or index values passed to various functions, including XAllocColorCells, XkbReadGetDeviceInfoReply, XkbReadGeomShapes, and others, can cause a denial of service (crash) and possibly arbitrary code execution.
Recommendations
For libX11 versions 1.5.99.901 through 1.6.0, update to a version later than 1.6.0.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.
For libXext versions 1.3.2, update to a version later than 1.3.2.
For libXt versions 1.1.4, update to a version later than 1.1.4.
For libXfixes versions 5.0.1, update to a version later than 5.0.1.
For libXinerama versions 1.1.3, update to a version later than 1.1.3.
For libXp versions 1.0.2, update to a version later than 1.0.2.
For libXtst versions 1.2.2, update to a version later than 1.2.2.
For libXi versions 1.7.2, update to a version later than 1.7.2.
For libXres versions 1.0.7, update to a version later than 1.0.7.
For libXcursor versions 1.1.14, update to a version later than 1.1.14.
For libXrandr versions 1.4.1, update to a version later than 1.4.1.
For libXv versions 1.0.9, update to a version later than 1.0.9.
For libXvMC versions 1.0.8, update to a version later than 1.0.8.
For libXxf86vm versions 1.1.3, update to a version later than 1.1.3.
For libXxf86dga versions 1.1.4, update to a version later than 1.1.4.
For xcb-proto versions 1.8, update to a version later than 1.8.
For libXrender versions 0.9.8, update to a version later than 0.9.8.
As a temporary workaround, consider disabling the vulnerable functions until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
Fix
DoS
Buffer Overflow
Related Identifiers
Affected Products
Centos
Red Hat
Suse
Libx11
Libxcursor
Libxext
Libxfixes
Libxi
Libxinerama
Libxp
Libxrandr
Libxrender
Libxres
Libxt
Libxtst
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Xcb-Proto
Xorg-Server