PT-2013-1066 · X.Org+4 · Libxi+23
Ilja Van Sprundel · Published 2013-06-15 · Updated 2024-06-15 · CVE-2013-2004
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libX11 versions 1.5.99.901 and earlier
libXext versions 1.3.2 and earlier
libXt versions 1.1.4 and earlier
libXtst versions 1.2.2 and earlier
libXfixes versions 5.0.1 and earlier
libXinerama versions 1.1.3 and earlier
libXp versions 1.0.2 and earlier
libXrandr versions 1.4.1 and earlier
libXrender versions 0.9.8 and earlier
libXres versions 1.0.7 and earlier
libXv versions 1.0.9 and earlier
libXi versions 1.7.2 and earlier
libXcursor versions 1.1.14 and earlier
libXxf86vm versions 1.1.3 and earlier
libXxf86dga versions 1.1.4 and earlier
libXvMC versions 1.0.8 and earlier
xorg-server versions prior to 1.14.3-r2
xcb-proto versions 1.8 and earlier
xorg-x11-proto-devel versions 7.7 and earlier
xorg-x11-xtrans-devel versions 1.3.4 and earlier
Description
The issue affects multiple packages in the Red Hat Enterprise Linux and Gentoo Linux operating systems, allowing for remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. The (1) GetDatabase and (2) XimParseStringFile functions in X.org libX11 1.5.99.901 and earlier do not restrict the recursion depth when processing directives to include files, which can cause a denial of service (stack consumption) via a crafted file.
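The recursion bound that the description says is missing can be shown with a small include-following parser. This is an added example, not X.Org code: the `#include "name"` syntax, the in-memory file table, the function names and the limit of 100 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INCLUDE_DEPTH 100   /* assumed cap for this sketch */

/* Constructed in-memory "files" standing in for resource files on disk. */
struct mem_file { const char *name; const char *text; };
static const struct mem_file files[] = {
    { "base",  "*font: fixed\n#include \"extra\"\n*bg: black\n" },
    { "extra", "*fg: white\n" },
    { "loop",  "*a: 1\n#include \"loop\"\n" },   /* includes itself */
};

static const char *lookup(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        if (strlen(files[i].name) == len && !strncmp(files[i].name, name, len))
            return files[i].text;
    return NULL;
}

/* Returns the number of resource lines parsed, or -1 if include nesting
 * exceeds MAX_INCLUDE_DEPTH, a file is missing, or a directive is malformed. */
int parse_file(const char *name, size_t len, int depth)
{
    if (depth > MAX_INCLUDE_DEPTH)
        return -1;                      /* without this check, "loop" recurses until the stack is exhausted */
    const char *p = lookup(name, len);
    if (!p) return -1;
    int count = 0;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t n = eol ? (size_t)(eol - p) : strlen(p);
        if (n > 10 && !strncmp(p, "#include \"", 10)) {
            const char *q = memchr(p + 10, '"', n - 10);
            if (!q) return -1;          /* unterminated file name */
            int sub = parse_file(p + 10, (size_t)(q - (p + 10)), depth + 1);
            if (sub < 0) return -1;     /* propagate failure up the include chain */
            count += sub;
        } else if (n > 0) {
            count++;                    /* ordinary resource line */
        }
        p += n + (eol ? 1 : 0);
    }
    return count;
}

int parse(const char *name) { return parse_file(name, strlen(name), 0); }
int main(void) { printf("base=%d loop=%d\n", parse("base"), parse("loop")); return 0; }
```

The depth counter is passed down each call rather than tracked globally, so a failure in one include chain does not affect later parses.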
Recommendations
For libX11 versions 1.5.99.901 and earlier, update to a version that restricts recursion depth in the GetDatabase and XimParseStringFile functions.
For libXext versions 1.3.2 and earlier, update to a version that fixes the vulnerabilities.
For libXt versions 1.1.4 and earlier, update to a version that fixes the vulnerabilities.
For libXtst versions 1.2.2 and earlier, update to a version that fixes the vulnerabilities.
For libXfixes versions 5.0.1 and earlier, update to a version that fixes the vulnerabilities.
For libXinerama versions 1.1.3 and earlier, update to a version that fixes the vulnerabilities.
For libXp versions 1.0.2 and earlier, update to a version that fixes the vulnerabilities.
For libXrandr versions 1.4.1 and earlier, update to a version that fixes the vulnerabilities.
For libXrender versions 0.9.8 and earlier, update to a version that fixes the vulnerabilities.
For libXres versions 1.0.7 and earlier, update to a version that fixes the vulnerabilities.
For libXv versions 1.0.9 and earlier, update to a version that fixes the vulnerabilities.
For libXi versions 1.7.2 and earlier, update to a version that fixes the vulnerabilities.
For libXcursor versions 1.1.14 and earlier, update to a version that fixes the vulnerabilities.
For libXxf86vm versions 1.1.3 and earlier, update to a version that fixes the vulnerabilities.
For libXxf86dga versions 1.1.4 and earlier, update to a version that fixes the vulnerabilities.
For libXvMC versions 1.0.8 and earlier, update to a version that fixes the vulnerabilities.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.
For xcb-proto versions 1.8 and earlier, update to a version that fixes the vulnerabilities.
For xorg-x11-proto-devel versions 7.7 and earlier, update to a version that fixes the vulnerabilities.
For xorg-x11-xtrans-devel versions 1.3.4 and earlier, update to a version that fixes the vulnerabilities.
Fix
DoS
Buffer Overflow
Affected Products
Centos
Gentoo Linux
Red Hat
Suse
Libx11
Libxcursor
Libxext
Libxfixes
Libxi
Libxinerama
Libxp
Libxrandr
Libxrender
Libxres
Libxt
Libxtst
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Xcb-Proto
Xorg-Server
Xorg-X11-Proto-Devel
Xorg-X11-Xtrans-Devel