PT-2013-1159 · Mesa+4 · Mesa-Libgl+6

Ilja Van Sprundel · Published 2013-06-03 · Updated 2023-02-13 · CVE-2013-1993

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mesa versions prior to 9.1.1
Mesa versions 6.5.1
Mesa-libGL versions 6.5.1 through 9.0
Mesa-libGLU versions 6.5.1 through 9.0
Mesa-libOSMesa versions 6.5.1 through 9.0
xorg-server versions prior to 1.14.3-r2

Description

Multiple integer overflows in X.org libGLX in Mesa can cause too little memory to be allocated, which leads to a buffer overflow. The overflows can be triggered through vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.

Recommendations

For Mesa versions prior to 9.1.1, update to version 9.1.1 or later.
For Mesa versions 6.5.1, update to a newer version.
For Mesa-libGL versions 6.5.1 through 9.0, update to version 9.0 or later.
For Mesa-libGLU versions 6.5.1 through 9.0, update to version 9.0 or later.
For Mesa-libOSMesa versions 6.5.1 through 9.0, update to version 9.0 or later.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.

As a temporary workaround, consider disabling the XF86DRIOpenConnection and XF86DRIGetClientDriverName functions until a patch is available.
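
How an integer overflow in a size computation produces the undersized allocation named in the Description, shown as an added example that is not Mesa or X.org code. It assumes the common pattern of adding 1 to a peer-supplied 32-bit string length for the terminator; `alloc_size_unchecked`, `read_string_checked` and the sample reply body are hypothetical names and constructed data.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: the peer-supplied 32-bit length gets +1 for the NUL
 * terminator in 32-bit arithmetic, so 0xFFFFFFFF wraps to 0 and the
 * allocation that follows is far smaller than the data to be copied. */
static uint32_t alloc_size_unchecked(uint32_t str_len)
{
    return str_len + 1u;
}

/* Checked pattern (hypothetical helper): validate the length before any
 * arithmetic or allocation, then copy exactly str_len bytes.
 * payload/payload_len describe the bytes actually received. */
static char *read_string_checked(const unsigned char *payload,
                                 size_t payload_len, uint32_t str_len)
{
    char *out;

    if (str_len >= (uint32_t)INT_MAX)   /* str_len + 1 must not wrap */
        return NULL;
    if ((size_t)str_len > payload_len)  /* cannot claim more than was sent */
        return NULL;

    out = calloc((size_t)str_len + 1, 1);
    if (out == NULL)
        return NULL;
    memcpy(out, payload, str_len);      /* calloc already zeroed the terminator */
    return out;
}

int main(void)
{
    static const unsigned char sample[] = "i915"; /* constructed reply body */
    char *name = read_string_checked(sample, 4, 4);
    int ok = name != NULL && strcmp(name, "i915") == 0
             && alloc_size_unchecked(0xFFFFFFFFu) == 0
             && read_string_checked(sample, 4, 0xFFFFFFFFu) == NULL;
    free(name);
    return ok ? 0 : 1;
}
```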

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-06201
BDU:2015-06418
BDU:2015-06419
BDU:2015-06420
BDU:2015-06421
BDU:2015-06422
BDU:2015-06423
BDU:2015-06424
BDU:2015-06425
BDU:2015-06426
BDU:2015-06427
BDU:2015-07232
BDU:2015-07420
BDU:2015-07421
BDU:2015-07422
BDU:2015-07423
BDU:2015-07424
BDU:2015-07425
BDU:2015-07426
BDU:2015-07427
BDU:2015-07428
BDU:2015-07429
BDU:2015-07430
BDU:2015-07431
BDU:2015-08994
BDU:2015-08995
BDU:2015-08996
BDU:2015-08997
BDU:2015-08998
BDU:2015-08999
BDU:2015-09000
BDU:2015-09001
BDU:2015-09002
BDU:2015-09003
BDU:2015-09011
BDU:2015-09012
BDU:2015-09013
BDU:2015-09014
BDU:2015-09015
BDU:2015-09016
BDU:2015-09017
BDU:2015-09018
BDU:2015-09019
BDU:2015-09020
BDU:2015-09021
BDU:2015-09727
CESA-2013_0897
CVE-2013-1993
DSA-2678-1
MGASA-2013-0186
MGASA-2013-0190
RHSA-2013:0897
RHSA-2013:0898
RHSA-2013_0897
RHSA-2013_0898
SUSE-SU-2013_1098-1
SUSE-SU-2013_1098-2
SUSE-SU-2014_0906-1

Affected Products

Centos
Mesa
Mesa-Libgl
Mesa-Libosmesa
Red Hat
Suse
Xorg-Server