PT-2013-1119 · X.Org Foundation+4 · Libxtst-Debuginfo+44
Ilja Van Sprundel · Published 2013-06-15 · Updated 2024-06-15 · CVE-2013-1983
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libX11 versions 1.6.0
libX11-devel versions 1.6.0
libXext versions 1.3.2
libXext-debuginfo versions 1.3.2
libXext-devel versions 1.3.2
libXfixes versions 5.0.1
libXfixes-debuginfo versions 5.0.1
libXfixes-devel versions 5.0.1
libXinerama versions 1.1.3
libXinerama-debuginfo versions 1.1.3
libXinerama-devel versions 1.1.3
libXp versions 1.0.2
libXp-debuginfo versions 1.0.2
libXp-devel versions 1.0.2
libXrandr versions 1.4.1
libXrandr-debuginfo versions 1.4.1
libXrandr-devel versions 1.4.1
libXrender versions 0.9.8
libXrender-debuginfo versions 0.9.8
libXrender-devel versions 0.9.8
libXres versions 1.0.7
libXres-debuginfo versions 1.0.7
libXres-devel versions 1.0.7
libXt versions 1.1.4
libXt-debuginfo versions 1.1.4
libXt-devel versions 1.1.4
libXv versions 1.0.9
libXvMC versions 1.0.8
libXi versions 1.7.2
libXi-debuginfo versions 1.7.2
libXi-devel versions 1.7.2
libXxf86dga versions 1.1.4
libXxf86vm versions 1.1.3
libXcursor versions 1.1.14
libXcursor-debuginfo versions 1.1.14
libXcursor-devel versions 1.1.14
libXtst versions 1.2.2
libXtst-debuginfo versions 1.2.2
xorg-server versions prior to 1.14.3-r2
xorg-x11-proto-devel versions 7.7
xorg-x11-xtrans-devel versions 1.3.4
xcb-proto versions 1.8
libxcb versions 1.9.1
libX11-common versions 1.6.0
xkeyboard-config versions 2.11
Description
Multiple vulnerabilities affect various packages of the Red Hat Enterprise Linux and Gentoo Linux operating systems. They can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information. The underlying flaws are integer overflows, which can cause the allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
Recommendations
For each affected version, update to a version that is not vulnerable.
For libXfixes versions 5.0 and earlier, consider disabling the XFixesGetCursorImage function until a patch is available.
Restrict access to the vulnerable modules to minimize the risk of exploitation.
Avoid using the vulnerable packages until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Related Identifiers
Affected Products
Centos
Red Hat
Suse
Libx11
Libx11-Common
Libx11-Devel
Libxcursor
Libxcursor-Debuginfo
Libxcursor-Devel
Libxext
Libxext-Debuginfo
Libxext-Dev
Libxfixes
Libxfixes-Debuginfo
Libxfixes-Devel
Libxi
Libxi-Debuginfo
Libxi-Devel
Libxinerama
Libxinerama-Debuginfo
Libxinerama-Devel
Libxp
Libxp-Devel
Libxrandr
Libxrandr-Debuginfo
Libxrandr-Dev
Libxrender
Libxrender-Devel
Libxres
Libxres-Debuginfo
Libxres-Devel
Libxt
Libxtst-Debuginfo
Libxt-Devel
Libxtst
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Libxcb
Xcb-Proto
Xkeyboard-Config
Xorg-Server
Xorg-X11-Proto-Devel
Xorg-X11-Xtrans-Devel