PT-2013-1136 · X.Org+5 · Libx11+26

Ilja Van Sprundel · Published 2013-06-15 · Updated 2017-04-21 · CVE-2013-2003

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libXcursor versions 1.1.13 and earlier
xorg-server versions prior to 1.14.3-r2
libXext versions 1.3.2 and earlier
libX11 versions 1.6.0 and earlier
libXt versions 1.1.4 and earlier
libXfixes versions 5.0.1 and earlier
libXinerama versions 1.1.3 and earlier
libXp versions 1.0.2 and earlier
libXtst versions 1.2.2 and earlier
libXi versions 1.7.2 and earlier
libXres versions 1.0.7 and earlier
libXrandr versions 1.4.1 and earlier
libXv versions 1.0.9 and earlier
libXvMC versions 1.0.8 and earlier
libXxf86vm versions 1.1.3 and earlier
libXxf86dga versions 1.1.4 and earlier
xcb-proto versions 1.8 and earlier
libXrender versions 0.9.8 and earlier
libX11-common versions 1.6.0 and earlier
libXcursor-devel versions 1.1.14 and earlier
libXtst-debuginfo versions 1.2.2 and earlier
libXt-debuginfo versions 1.1.4 and earlier
libXext-debuginfo versions 1.3.2 and earlier
libXfixes-debuginfo versions 5.0.1 and earlier
libXinerama-debuginfo versions 1.1.3 and earlier
libXp-debuginfo versions 1.0.2 and earlier
libXres-debuginfo versions 1.0.7 and earlier
libXi-debuginfo versions 1.7.2 and earlier
libXcursor-debuginfo versions 1.1.14 and earlier
libXrandr-debuginfo versions 1.4.1 and earlier
libdmx versions 1.1.3 and earlier
xorg-x11-proto-devel versions 7.7 and earlier
xorg-x11-xtrans-devel versions 1.3.4 and earlier
libXrender-devel versions 0.9.8 and earlier
libXinerama-devel versions 1.1.3 and earlier
libXext-devel versions 1.3.2 and earlier
libXt-devel versions 1.1.4 and earlier
libXp-devel versions 1.0.2 and earlier
libXfixes-devel versions 5.0.1 and earlier
libXrandr-devel versions 1.4.1 and earlier
libXres-devel versions 1.0.7 and earlier
libXi-devel versions 1.7.2 and earlier

Description

The issue covers multiple vulnerabilities in various packages of the Red Hat Enterprise Linux, Debian GNU/Linux, and Gentoo Linux operating systems. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities are integer overflows, which can cause the allocation of insufficient memory and a buffer overflow. The XcursorFileHeaderCreate function is specifically mentioned as being vulnerable. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations

For libXcursor versions 1.1.13 and earlier, update to a version later than 1.1.13.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.
For libXext versions 1.3.2 and earlier, update to a version later than 1.3.2.
For libX11 versions 1.6.0 and earlier, update to a version later than 1.6.0.
For libXt versions 1.1.4 and earlier, update to a version later than 1.1.4.
For libXfixes versions 5.0.1 and earlier, update to a version later than 5.0.1.
For libXinerama versions 1.1.3 and earlier, update to a version later than 1.1.3.
For libXp versions 1.0.2 and earlier, update to a version later than 1.0.2.
For libXtst versions 1.2.2 and earlier, update to a version later than 1.2.2.
For libXi versions 1.7.2 and earlier, update to a version later than 1.7.2.
For libXres versions 1.0.7 and earlier, update to a version later than 1.0.7.
For libXrandr versions 1.4.1 and earlier, update to a version later than 1.4.1.
For libXv versions 1.0.9 and earlier, update to a version later than 1.0.9.
For libXvMC versions 1.0.8 and earlier, update to a version later than 1.0.8.
For libXxf86vm versions 1.1.3 and earlier, update to a version later than 1.1.3.
For libXxf86dga versions 1.1.4 and earlier, update to a version later than 1.1.4.
For xcb-proto versions 1.8 and earlier, update to a version later than 1.8.
For libXrender versions 0.9.8 and earlier, update to a version later than 0.9.8.
For libX11-common versions 1.6.0 and earlier, update to a version later than 1.6.0.
For libXcursor-devel versions 1.1.14 and earlier, update to a version later than 1.1.14.
For libXtst-debuginfo versions 1.2.2 and earlier, update to a version later than 1.2.2.
For libXt-debuginfo versions 1.1.4 and earlier, update to a version later than 1.1.4.
For libXext-debuginfo versions 1.3.2 and earlier, update to a version later than 1.3.2.
For libXfixes-debuginfo versions 5.0.1 and earlier, update to a version later than 5.0.1.
For libXinerama-debuginfo versions 1.1.3 and earlier, update to a version later than 1.1.3.
For libXp-debuginfo versions 1.0.2 and earlier, update to a version later than 1.0.2.
For libXres-debuginfo versions 1.0.7 and earlier, update to a version later than 1.0.7.
For libXi-debuginfo versions 1.7.2 and earlier, update to a version later than 1.7.2.
For libXcursor-debuginfo versions 1.1.14 and earlier, update to a version later than 1.1.14.
For libXrandr-debuginfo versions 1.4.1 and earlier, update to a version later than 1.4.1.
For libdmx versions 1.1.3 and earlier, update to a version later than 1.1.3.
For xorg-x11-proto-devel versions 7.7 and earlier, update to a version later than 7.7.
For xorg-x11-xtrans-devel versions 1.3.4 and earlier, update to a version later than 1.3.4.
For libXrender-devel versions 0.9.8 and earlier, update to a version later than 0.9.8.
For libXinerama-devel versions 1.1.3 and earlier, update to a version later than 1.1.3.
For libXext-devel versions 1.3.2 and earlier, update to a version later than 1.3.2.
For libXt-devel versions 1.1.4 and earlier, update to a version later than 1.1.4.
For libXp-devel versions 1.0.2 and earlier, update to a version later than 1.0.2.
For libXfixes-devel versions 5.0.1 and earlier, update to a version later than 5.0.1.
For libXrandr-devel versions 1.4.1 and earlier, update to a version later than 1.4.1.
For libXres-devel versions 1.0.7 and earlier, update to a version later than 1.0.7.
For libXi-devel versions 1.7.2 and earlier, update to a version later than 1.7.2.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-04111
BDU:2015-06306
BDU:2015-06354
BDU:2015-06355
BDU:2015-06356
BDU:2015-06357
BDU:2015-06358
BDU:2015-06359
BDU:2015-06360
BDU:2015-06361
BDU:2015-06362
BDU:2015-06363
BDU:2015-06364
BDU:2015-06365
BDU:2015-06366
BDU:2015-06367
BDU:2015-06375
BDU:2015-06376
BDU:2015-06377
BDU:2015-06378
BDU:2015-06379
BDU:2015-06380
BDU:2015-06392
BDU:2015-06393
BDU:2015-06394
BDU:2015-06395
BDU:2015-06396
BDU:2015-06397
BDU:2015-06398
BDU:2015-06399
BDU:2015-06400
BDU:2015-06401
BDU:2015-06402
BDU:2015-06403
BDU:2015-06404
BDU:2015-06405
BDU:2015-06406
BDU:2015-06407
BDU:2015-06408
BDU:2015-06409
BDU:2015-06410
BDU:2015-06411
BDU:2015-06412
BDU:2015-06575
BDU:2015-06576
BDU:2015-06577
BDU:2015-06607
BDU:2015-09727
CESA-2014_1436
CVE-2013-2003
DSA-2681-1
MGASA-2013-0186
OPENSUSE-SU-2024:10176-1
RHSA-2014:1436
RHSA-2014_1436
SUSE-SU-2015:0674-1

Affected Products

CentOS
Debian
Gentoo Linux
Red Hat
SUSE
libX11
libX11-common
libXcursor
libXext
libXfixes
libXi
libXinerama
libXp
libXrandr
libXrender
libXres
libXt
libXtst
libXv
libXvMC
libXxf86dga
libXxf86vm
libdmx
xcb-proto
xorg-server
xorg-x11-proto-devel
xorg-x11-xtrans-devel