PT-2013-1139 · Gentoo+4 · Gentoo Linux+25
Published: 2013-06-15 · Updated: 2024-06-15
CVE-2013-2005
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
xorg-server versions prior to 1.14.3-r2
libXt versions prior to 1.1.4
libXext versions prior to 1.3.2
libX11 versions prior to 1.6.0
libXtst versions prior to 1.2.2
libXi versions prior to 1.7.2
libXres versions prior to 1.0.7
libXrandr versions prior to 1.4.1
libXv versions prior to 1.0.9
libXcursor versions prior to 1.1.14
libXfixes versions prior to 5.0.1
libXinerama versions prior to 1.1.3
libXp versions prior to 1.0.2
libXxf86vm versions prior to 1.1.3
libXxf86dga versions prior to 1.1.4
xcb-proto versions prior to 1.8
libXrender versions prior to 0.9.8
libXvMC versions prior to 1.0.8
xkeyboard-config versions prior to 2.11
xorg-x11-xtrans-devel versions prior to 1.3.4
xorg-x11-proto-devel versions prior to 7.7
libdmx versions prior to 1.1.3
Description
The issue affects multiple packages in Red Hat Enterprise Linux and Gentoo Linux and is remotely exploitable, with possible impact on confidentiality, integrity, and availability. The vulnerabilities can be triggered through several functions. One of them involves XGetWindowProperty: its return value is not checked, which allows X servers to cause memory corruption. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.
For libXt versions prior to 1.1.4, update to version 1.1.4 or later.
For libXext versions prior to 1.3.2, update to version 1.3.2 or later.
For libX11 versions prior to 1.6.0, update to version 1.6.0 or later.
For libXtst versions prior to 1.2.2, update to version 1.2.2 or later.
For libXi versions prior to 1.7.2, update to version 1.7.2 or later.
For libXres versions prior to 1.0.7, update to version 1.0.7 or later.
For libXrandr versions prior to 1.4.1, update to version 1.4.1 or later.
For libXv versions prior to 1.0.9, update to version 1.0.9 or later.
For libXcursor versions prior to 1.1.14, update to version 1.1.14 or later.
For libXfixes versions prior to 5.0.1, update to version 5.0.1 or later.
For libXinerama versions prior to 1.1.3, update to version 1.1.3 or later.
For libXp versions prior to 1.0.2, update to version 1.0.2 or later.
For libXxf86vm versions prior to 1.1.3, update to version 1.1.3 or later.
For libXxf86dga versions prior to 1.1.4, update to version 1.1.4 or later.
For xcb-proto versions prior to 1.8, update to version 1.8 or later.
For libXrender versions prior to 0.9.8, update to version 0.9.8 or later.
For libXvMC versions prior to 1.0.8, update to version 1.0.8 or later.
For xkeyboard-config versions prior to 2.11, update to version 2.11 or later.
For xorg-x11-xtrans-devel versions prior to 1.3.4, update to version 1.3.4 or later.
For xorg-x11-proto-devel versions prior to 7.7, update to version 7.7 or later.
For libdmx versions prior to 1.1.3, update to version 1.1.3 or later.
As a temporary workaround, consider disabling the vulnerable functions until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
Fix
Buffer Overflow
Affected Products
CentOS
Gentoo Linux
Red Hat
SUSE
libX11
libXcursor
libXext
libXfixes
libXi
libXinerama
libXp
libXrandr
libXrender
libXres
libXt
libXtst
libXv
libXvMC
libXxf86dga
libXxf86vm
libdmx
xcb-proto
xkeyboard-config
xorg-server
xorg-x11-proto-devel
xorg-x11-xtrans-devel