PT-2013-1064 · X.Org+3 · Libxi+21

Ilja Van Sprundel · Published 2013-06-15 · Updated 2024-06-15 · CVE-2013-1981

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libX11 versions 1.5.99.901 through 1.6.0
libXext versions 1.3.2
libXt versions 1.1.4
libXfixes versions 5.0.1
libXinerama versions 1.1.3
xorg-x11-proto-devel version 7.7
libXp versions 1.0.2
libXtst versions 1.2.2
libXi versions 1.7.2
libXres versions 1.0.7
libXrandr versions 1.4.1
libXv versions 1.0.9
libXvMC versions 1.0.8
libXcursor versions 1.1.14
libXrender versions 0.9.8
libXxf86vm versions 1.1.3
libXxf86dga versions 1.1.4
xcb-proto version 1.8
xorg-server versions prior to 1.14.3-r2

Description

The issue covers multiple vulnerabilities in various X.org library packages, which can lead to loss of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The affected packages include libX11, libXext, libXt, libXfixes, libXinerama, xorg-x11-proto-devel, libXp, libXtst, libXi, libXres, libXrandr, libXv, libXvMC, libXcursor, libXrender, libXxf86vm, libXxf86dga, and xcb-proto. The vulnerabilities are caused by multiple integer overflows in the X.org libX11 library, which can trigger allocation of insufficient memory and a buffer overflow via various vectors, including the XQueryFont, XF86BigfontQueryFont, XListFontsWithInfo, XGetMotionEvents, XListHosts, XGetModifierMapping, XGetPointerMapping, XGetKeyboardMapping, XGetWindowProperty, XGetImage, LoadColornameDB, XrmGetFileDatabase, XimParseStringFile, and TransFileName functions.

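The bug class named in the description (a size computed from a peer-supplied count wraps, so too little memory is allocated) is shown below as an added example; it is not code from libX11 or any X.Org package. The `item_t` record, the `reply_t` layout and all function names are hypothetical, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 12-byte record standing in for a per-item struct in a reply. */
typedef struct { int32_t x, y; uint32_t time; } item_t;

/* Constructed reply: count is what the peer claims, data is what arrived. */
typedef struct { uint32_t count; const unsigned char *data; size_t data_len; } reply_t;

/* Weak pattern: the byte size is computed in 32-bit arithmetic and can wrap,
 * so a later per-item copy would run past a too-small allocation. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(item_t);
}

/* Hardened pattern: reject counts whose byte size would overflow or that
 * claim more data than was actually received, then allocate and copy. */
item_t *checked_read_items(const reply_t *r, size_t *out_count)
{
    *out_count = 0;
    if (r->count == 0 || r->count > SIZE_MAX / sizeof(item_t))
        return NULL;
    size_t need = (size_t)r->count * sizeof(item_t);
    if (need > r->data_len)
        return NULL;
    item_t *items = malloc(need);
    if (items == NULL)
        return NULL;
    memcpy(items, r->data, need);
    *out_count = r->count;
    return items;
}

/* Returns 0 when the honest reply is accepted and the oversized one rejected. */
int run_demo(void)
{
    unsigned char wire[2 * sizeof(item_t)] = {0};      /* constructed sample */
    reply_t honest = { 2, wire, sizeof wire };
    reply_t lying  = { 0x15555556u, wire, sizeof wire }; /* size wraps to 8 */
    size_t n;
    item_t *ok = checked_read_items(&honest, &n);
    int rc = (ok != NULL && n == 2 && checked_read_items(&lying, &n) == NULL) ? 0 : 1;
    free(ok);
    return rc;
}

int main(void) { return run_demo(); }
```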
Recommendations

For libX11 versions 1.5.99.901 through 1.6.0, update to a version later than 1.6.0.
For libXext versions 1.3.2, update to a version later than 1.3.2.
For libXt versions 1.1.4, update to a version later than 1.1.4.
For libXfixes versions 5.0.1, update to a version later than 5.0.1.
For libXinerama versions 1.1.3, update to a version later than 1.1.3.
For xorg-x11-proto-devel version 7.7, update to a version later than 7.7.
For libXp versions 1.0.2, update to a version later than 1.0.2.
For libXtst versions 1.2.2, update to a version later than 1.2.2.
For libXi versions 1.7.2, update to a version later than 1.7.2.
For libXres versions 1.0.7, update to a version later than 1.0.7.
For libXrandr versions 1.4.1, update to a version later than 1.4.1.
For libXv versions 1.0.9, update to a version later than 1.0.9.
For libXvMC versions 1.0.8, update to a version later than 1.0.8.
For libXcursor versions 1.1.14, update to a version later than 1.1.14.
For libXrender versions 0.9.8, update to a version later than 0.9.8.
For libXxf86vm versions 1.1.3, update to a version later than 1.1.3.
For libXxf86dga versions 1.1.4, update to a version later than 1.1.4.
For xcb-proto version 1.8, update to a version later than 1.8.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-01795
BDU:2015-06306
BDU:2015-06354
BDU:2015-06355
BDU:2015-06356
BDU:2015-06357
BDU:2015-06358
BDU:2015-06359
BDU:2015-06360
BDU:2015-06361
BDU:2015-06362
BDU:2015-06363
BDU:2015-06364
BDU:2015-06365
BDU:2015-06366
BDU:2015-06367
BDU:2015-06375
BDU:2015-06376
BDU:2015-06377
BDU:2015-06378
BDU:2015-06379
BDU:2015-06380
BDU:2015-06392
BDU:2015-06393
BDU:2015-06394
BDU:2015-06395
BDU:2015-06396
BDU:2015-06397
BDU:2015-06398
BDU:2015-06399
BDU:2015-06400
BDU:2015-06401
BDU:2015-06402
BDU:2015-06403
BDU:2015-06404
BDU:2015-06405
BDU:2015-06406
BDU:2015-06407
BDU:2015-06408
BDU:2015-06409
BDU:2015-06410
BDU:2015-06411
BDU:2015-06412
BDU:2015-06575
BDU:2015-06576
BDU:2015-06577
BDU:2015-06607
BDU:2015-09727
CESA-2014_1436
CVE-2013-1981
DSA-2693-1
MGASA-2013-0186
OPENSUSE-SU-2024:10395-1
RHSA-2014:1436
RHSA-2014_1436
SUSE-SU-2013_1100-1
SUSE-SU-2013_1100-2
SUSE-SU-2013_1183-1
SUSE-SU-2014_0893-1

Affected Products

Centos
Red Hat
Suse
Libx11
Libxcursor
Libxext
Libxfixes
Libxi
Libxinerama
Libxp
Libxrandr
Libxrender
Libxres
Libxt
Libxtst
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Xcb-Proto
Xorg-Server
Xorg-X11-Proto-Devel