CVE-2013-1998

Name of the Vulnerable Software and Affected Versions libXi versions 1.7.1 and earlier libXext versions 1.3.2 libX11 versions 1.6.0 libXt versions 1.1.4 libXfixes versions 5.0.1 libXinerama versions 1.1.3 libXp versions 1.0.2 libXcursor versions 1.1.14 libXtst versions 1.2.2 libXi versions 1.7.2 libXres versions 1.0.7 libxcb versions 1.9.1 libXxf86dga versions 1.1.4 xcb-proto versions 1.8 libXrandr versions 1.4.1 libXvMC versions 1.0.8 libX11-common versions 1.6.0 xorg-server versions prior to 1.14.3-r2

Description The issue involves multiple vulnerabilities in various packages of the X.org and related libraries in different Linux distributions, including Red Hat Enterprise Linux and Gentoo Linux. These vulnerabilities can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. Specifically, buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XGetDeviceButtonMapping, XIPassiveGrabDevice, and XQueryDeviceState functions.

Recommendations For libXi versions 1.7.1 and earlier: Update to a version later than 1.7.1. For libXext versions 1.3.2: Update to a version later than 1.3.2. For libX11 versions 1.6.0: Update to a version later than 1.6.0. For libXt versions 1.1.4: Update to a version later than 1.1.4. For libXfixes versions 5.0.1: Update to a version later than 5.0.1. For libXinerama versions 1.1.3: Update to a version later than 1.1.3. For libXp versions 1.0.2: Update to a version later than 1.0.2. For libXcursor versions 1.1.14: Update to a version later than 1.1.14. For libXtst versions 1.2.2: Update to a version later than 1.2.2. For libXi versions 1.7.2: Update to a version later than 1.7.2. For libXres versions 1.0.7: Update to a version later than 1.0.7. For libxcb versions 1.9.1: Update to a version later than 1.9.1. For libXxf86dga versions 1.1.4: Update to a version later than 1.1.4. For xcb-proto versions 1.8: Update to a version later than 1.8. For libXrandr versions 1.4.1: Update to a version later than 1.4.1. For libXvMC versions 1.0.8: Update to a version later than 1.0.8. For libX11-common versions 1.6.0: Update to a version later than 1.6.0. For xorg-server versions prior to 1.14.3-r2: Update to version 1.14.3-r2 or later.