PT-2013-1192 · Moonchild Productions+4 · Pale Moon+4

Vincent Danen · Published 2013-01-31 · Updated 2024-02-15 · CVE-2013-1591

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pale Moon versions prior to 15.4
libpixman version 0.26.2

Description

The issue is a stack-based buffer overflow in libpixman, which may have unspecified impact and context-dependent attack vectors. It might result from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. The vulnerability can be exploited remotely and may lead to loss of confidentiality, integrity, and availability of protected information.

Recommendations

For Pale Moon versions prior to 15.4, update to version 15.4 or later. For libpixman version 0.26.2, consider disabling the fast_composite_scaled_bilinear function as a temporary workaround until a patch is available. Restrict access to the vulnerable libpixman module to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-07490
BDU:2015-07492
BDU:2015-07493
BDU:2015-08989
BDU:2015-08990
BDU:2015-08991
CESA-2013_0687
CVE-2013-1591
RHSA-2013:0687
RHSA-2013:0746
RHSA-2013_0687
SUSE-SU-2013_1373-1

Affected Products

CentOS
Pale Moon
Red Hat
SUSE
libpixman