PT-2013-1120 · X.Org+3 · Libxi+21
Ilja Van Sprundel · Published 2013-06-15 · Updated 2014-10-20 · CVE-2013-1990
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libXvMC version 1.0.7 and earlier
libXext versions 1.3.2
libX11 versions 1.6.0
libXt versions 1.1.4
libXfixes versions 5.0.1
libXinerama versions 1.1.3
xorg-server versions prior to 1.14.3-r2
libXp versions 1.0.2
libXi versions 1.7.2
libXres versions 1.0.7
libXrandr versions 1.4.1
libXv versions 1.0.9
libXxf86vm versions 1.1.3
libXrender versions 0.9.8
libXtst versions 1.2.2
libXcursor versions 1.1.14
libXxf86dga versions 1.1.4
xcb-proto versions 1.8
xkeyboard-config versions 2.11
Description
This entry covers multiple vulnerabilities in X.org packages and related libraries shipped by several Linux distributions, including Red Hat Enterprise Linux, Gentoo Linux, and Debian GNU/Linux. These vulnerabilities can compromise the confidentiality, integrity, and availability of protected information, and they can be exploited remotely. Specifically, integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
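The integer-overflow pattern described above, shown as an added example (not libXvMC's code and not taken from this advisory): a server-declared element count is multiplied by a record size, the product wraps, and the resulting buffer is smaller than the data later written into it. The `entry_t` type, the function names and the sample count are hypothetical, and bounding the count against `INT_MAX` is one conservative choice.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for one record in a server reply (16 bytes). */
typedef struct { uint32_t id, width, height, flags; } entry_t;

/* Unchecked pattern: the size is computed in 32-bit arithmetic,
 * so a large server-supplied count wraps to a small byte total. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(entry_t);
}

/* Checked pattern: reject any count whose byte total would not fit.
 * Returns 0 and stores the size on success, -1 if the count is rejected. */
int checked_alloc_size(uint32_t count, size_t *out)
{
    if (count == 0)                          /* empty reply: nothing to allocate */
        return -1;
    if (count > INT_MAX / sizeof(entry_t))   /* product would overflow */
        return -1;
    *out = (size_t)count * sizeof(entry_t);
    return 0;
}

/* Allocate room for a server-declared number of entries, or NULL if rejected. */
entry_t *alloc_entries(uint32_t count)
{
    size_t bytes;
    if (checked_alloc_size(count, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t declared = 0x10000001u;  /* constructed sample count */
    size_t bytes = 0;

    printf("declared entries : %u\n", (unsigned)declared);
    printf("unchecked bytes  : %u\n", (unsigned)unchecked_alloc_size(declared));
    printf("checked result   : %d\n", checked_alloc_size(declared, &bytes));
    return 0;
}
```

With the unchecked computation the caller would allocate 16 bytes and then copy data for 268,435,457 entries into them; the checked version discards the reply instead.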
Recommendations
For libXvMC version 1.0.7 and earlier: Update to a version later than 1.0.7.
For libXext versions 1.3.2: Update to a version later than 1.3.2.
For libX11 versions 1.6.0: Update to a version later than 1.6.0.
For libXt versions 1.1.4: Update to a version later than 1.1.4.
For libXfixes versions 5.0.1: Update to a version later than 5.0.1.
For libXinerama versions 1.1.3: Update to a version later than 1.1.3.
For xorg-server versions prior to 1.14.3-r2: Update to version 1.14.3-r2 or later.
For libXp versions 1.0.2: Update to a version later than 1.0.2.
For libXi versions 1.7.2: Update to a version later than 1.7.2.
For libXres versions 1.0.7: Update to a version later than 1.0.7.
For libXrandr versions 1.4.1: Update to a version later than 1.4.1.
For libXv versions 1.0.9: Update to a version later than 1.0.9.
For libXxf86vm versions 1.1.3: Update to a version later than 1.1.3.
For libXrender versions 0.9.8: Update to a version later than 0.9.8.
For libXtst versions 1.2.2: Update to a version later than 1.2.2.
For libXcursor versions 1.1.14: Update to a version later than 1.1.14.
For libXxf86dga versions 1.1.4: Update to a version later than 1.1.4.
For xcb-proto versions 1.8: Update to a version later than 1.8.
For xkeyboard-config versions 2.11: Update to a version later than 2.11.
Fix
Buffer Overflow
Affected Products
Centos
Red Hat
Suse
Libx11
Libxcursor
Libxext
Libxfixes
Libxi
Libxinerama
Libxp
Libxrandr
Libxrender
Libxres
Libxt
Libxtst
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Xcb-Proto
Xkeyboard-Config
Xorg-Server