CVE-2013-1992

Name of the Vulnerable Software and Affected Versions libdmx versions 1.1.2 and earlier xorg-server versions prior to 1.14.3-r2 libXext versions 1.3.2 libX11 versions 1.6.0 libXt versions 1.1.4 libXfixes versions 5.0.1 libXinerama versions 1.1.3 libXp versions 1.0.2 libXcursor versions 1.1.14 libXtst versions 1.2.2 libXi versions 1.7.2 libXres versions 1.0.7 libXrandr versions 1.4.1 libXv versions 1.0.9 libXxf86vm versions 1.1.3 libXrender versions 0.9.8 libXvMC versions 1.0.8 libX11-common versions 1.6.0 xcb-proto versions 1.8 libXxf86dga versions 1.1.4

Description The issue involves multiple vulnerabilities in various packages of the Red Hat Enterprise Linux and Gentoo Linux operating systems. These vulnerabilities can lead to breaches of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. Specifically, multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.

Recommendations For libdmx versions 1.1.2 and earlier, update to a version later than 1.1.2. For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later. For libXext versions 1.3.2, update to a version later than 1.3.2. For libX11 versions 1.6.0, update to a version later than 1.6.0. For libXt versions 1.1.4, update to a version later than 1.1.4. For libXfixes versions 5.0.1, update to a version later than 5.0.1. For libXinerama versions 1.1.3, update to a version later than 1.1.3. For libXp versions 1.0.2, update to a version later than 1.0.2. For libXcursor versions 1.1.14, update to a version later than 1.1.14. For libXtst versions 1.2.2, update to a version later than 1.2.2. For libXi versions 1.7.2, update to a version later than 1.7.2. For libXres versions 1.0.7, update to a version later than 1.0.7. For libXrandr versions 1.4.1, update to a version later than 1.4.1. For libXv versions 1.0.9, update to a version later than 1.0.9. For libXxf86vm versions 1.1.3, update to a version later than 1.1.3. For libXrender versions 0.9.8, update to a version later than 0.9.8. For libXvMC versions 1.0.8, update to a version later than 1.0.8. For libX11-common versions 1.6.0, update to a version later than 1.6.0. For xcb-proto versions 1.8, update to a version later than 1.8. For libXxf86dga versions 1.1.4, update to a version later than 1.1.4. As a temporary workaround, consider disabling the affected functions until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.