OpenCVE

Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
X	Libxext

Configuration 1 [-]

OR	cpe:2.3:a:x:libxext::::::::
	cpe:2.3:a:x:libxext:1.0.99.2:::::::*
	cpe:2.3:a:x:libxext:1.0.99.3:::::::*
	cpe:2.3:a:x:libxext:1.0.99.4:::::::*
	cpe:2.3:a:x:libxext:1.1:::::::*
	cpe:2.3:a:x:libxext:1.1.1:::::::*
	cpe:2.3:a:x:libxext:1.1.2:::::::*
	cpe:2.3:a:x:libxext:1.2.0:::::::*
	cpe:2.3:a:x:libxext:1.3.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
libdmx-0:1.1.3-3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libX11-0:1.6.0-2.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libxcb-0:1.9.1-2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXcursor-0:1.1.14-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXext-0:1.3.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXfixes-0:5.0.1-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXi-0:1.7.2-2.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXinerama-0:1.1.3-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXp-0:1.0.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXrandr-0:1.4.1-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXrender-0:0.9.8-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXres-0:1.0.7-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXt-0:1.1.4-6.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXtst-0:1.2.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXv-0:1.0.9-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXvMC-0:1.0.8-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXxf86dga-0:1.1.4-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXxf86vm-0:1.1.3-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xcb-proto-0:1.8-3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xkeyboard-config-0:2.11-1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xorg-x11-proto-devel-0:7.7-9.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xorg-x11-xtrans-devel-0:1.3.4-1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-06/msg00139.html
http://www.debian.org/security/2013/dsa-2682
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1857-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://nvd.nist.gov/vuln/detail/CVE-2013-1982
https://www.cve.org/CVERecord?id=CVE-2013-1982

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-06-15T19:00:00

Updated: 2024-08-06T15:20:37.415Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1982

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-15T19:55:00.930

Modified: 2024-11-21T01:50:47.343

Link: CVE-2013-1982

Redhat

Severity : Moderate

Publid Date: 2013-05-23T00:00:00Z

Links: CVE-2013-1982 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object