CVE-2013-1994 - Vulnerability Details

Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openchrome	Openchrome
Redhat	Enterprise Linux
X	Libchromexvmc Libchromexvmcpro

Configuration 1 [-]

OR	cpe:2.3:a:openchrome:openchrome::::::::
	cpe:2.3:a:x:libchromexvmc:-:::::::*
	cpe:2.3:a:x:libchromexvmcpro:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
libdrm-0:2.4.52-4.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
libpciaccess-0:0.13.3-0.1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
libwacom-0:0.8-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
mesa-0:10.1.2-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
mesa-private-llvm-0:3.4-3.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
pixman-0:0.32.4-4.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xcb-util-0:0.3.6-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xcb-util-image-0:0.3.9-4.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xcb-util-keysyms-0:0.3.9-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xcb-util-wm-0:0.3.9-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-apps-0:7.7-6.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-acecad-0:1.5.0-7.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-aiptek-0:1.4.1-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-apm-0:1.2.5-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-ast-0:0.98.0-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-ati-0:7.3.99-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-cirrus-0:1.5.2-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-dummy-0:0.3.6-15.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-elographics-0:1.4.1-3.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-evdev-0:2.8.2-4.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-fbdev-0:0.4.3-16.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-fpit-0:1.4.0-6.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-geode-0:2.11.15-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-glint-0:1.2.8-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-hyperpen-0:1.4.1-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-i128-0:1.3.6-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-i740-0:1.3.4-11.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-intel-0:2.99.911-6.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-keyboard-0:1.8.0-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-mach64-0:6.9.4-8.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-mga-0:1.6.3-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-modesetting-0:0.8.0-14.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-mouse-0:1.9.0-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-mutouch-0:1.3.0-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-neomagic-0:1.2.7-7.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-nouveau-1:1.0.10-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-nv-0:2.1.20-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-openchrome-0:0.3.3-6.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-penmount-0:1.5.0-5.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-qxl-0:0.1.1-15.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-r128-0:6.9.1-8.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-rendition-0:4.2.5-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-s3virge-0:1.10.6-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-savage-0:2.3.7-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-siliconmotion-0:1.7.7-9.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-sis-0:0.10.7-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-sisusb-0:0.9.6-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-synaptics-0:1.7.6-1.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-tdfx-0:1.4.5-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-trident-0:1.3.6-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-v4l-0:0.2.0-36.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-vesa-0:2.3.2-15.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-vmmouse-0:13.0.0-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-vmware-0:13.0.1-9.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-void-0:1.4.0-23.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-voodoo-0:1.2.5-10.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-wacom-0:0.23.0-4.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-drv-xgi-0:1.6.0-20.20121114git.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-glamor-0:0.6.0-5.20140506gitf78901e.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-server-0:1.15.0-22.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z
xorg-x11-server-utils-0:7.7-2.el6	cpe:/o:redhat:enterprise_linux:6	RHBA-2014:1376	2014-10-13T00:00:00Z

References

Link	Providers
http://www.debian.org/security/2013/dsa-2679
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1871-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://nvd.nist.gov/vuln/detail/CVE-2013-1994
https://www.cve.org/CVERecord?id=CVE-2013-1994

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-06-15T19:00:00

Updated: 2024-08-06T15:20:37.415Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1994

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-06-15T19:55:01.180

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1994

Redhat

Severity : Moderate

Publid Date: 2013-05-23T00:00:00Z

Links: CVE-2013-1994 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-06-21T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1871-1"}, {"name": "DSA-2679", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2679"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.415Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1871-1"}, {"name": "DSA-2679", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2679"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1994", "datePublished": "2013-06-15T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.415Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openchrome:openchrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CDB035F-A219-49BB-83B3-22ABF149F010", "versionEndIncluding": "0.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libchromexvmc:-:*:*:*:*:*:*:*", "matchCriteriaId": "8728EBF4-0893-40D3-9AD1-6025B2C6DB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libchromexvmcpro:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC082451-46BC-46BA-A7A6-4FB3F5A1132C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en X.org libchromeXvMC y libchromeXvMCPro en openchrome v0.3.2 y anteriores permiten que los servidores X provoquen una asignaci\u00f3n de memoria insuficiente y un desbordamiento de b\u00fafer a trav\u00e9s de vectores relacionados con las funciones (1) uniDRIOpenConnection y (2) uniDRIGetClientDriverName."}], "id": "CVE-2013-1994", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-15T19:55:01.180", "references": [{"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2679"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1871-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1871-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libdrm-0:2.4.52-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libpciaccess-0:0.13.3-0.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libwacom-0:0.8-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "mesa-0:10.1.2-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "mesa-private-llvm-0:3.4-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "pixman-0:0.32.4-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-util-0:0.3.6-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-util-image-0:0.3.9-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-util-keysyms-0:0.3.9-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-util-wm-0:0.3.9-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-apps-0:7.7-6.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-acecad-0:1.5.0-7.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-aiptek-0:1.4.1-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-apm-0:1.2.5-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-ast-0:0.98.0-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-ati-0:7.3.99-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-cirrus-0:1.5.2-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-dummy-0:0.3.6-15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-elographics-0:1.4.1-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-evdev-0:2.8.2-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-fbdev-0:0.4.3-16.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-fpit-0:1.4.0-6.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-geode-0:2.11.15-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-glint-0:1.2.8-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-hyperpen-0:1.4.1-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-i128-0:1.3.6-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-i740-0:1.3.4-11.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-intel-0:2.99.911-6.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-keyboard-0:1.8.0-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-mach64-0:6.9.4-8.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-mga-0:1.6.3-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-modesetting-0:0.8.0-14.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-mouse-0:1.9.0-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-mutouch-0:1.3.0-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-neomagic-0:1.2.7-7.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-nouveau-1:1.0.10-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-nv-0:2.1.20-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-openchrome-0:0.3.3-6.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-penmount-0:1.5.0-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-qxl-0:0.1.1-15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-r128-0:6.9.1-8.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-rendition-0:4.2.5-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-s3virge-0:1.10.6-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-savage-0:2.3.7-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-siliconmotion-0:1.7.7-9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-sis-0:0.10.7-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-sisusb-0:0.9.6-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-synaptics-0:1.7.6-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-tdfx-0:1.4.5-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-trident-0:1.3.6-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-v4l-0:0.2.0-36.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-vesa-0:2.3.2-15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-vmmouse-0:13.0.0-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-vmware-0:13.0.1-9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-void-0:1.4.0-23.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-voodoo-0:1.2.5-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-wacom-0:0.23.0-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-drv-xgi-0:1.6.0-20.20121114git.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-glamor-0:0.6.0-5.20140506gitf78901e.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-server-0:1.15.0-22.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHBA-2014:1376", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-server-utils-0:7.7-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}], "bugzilla": {"description": "openchrome: Multiple integer overflows leading to heap-based bufer overflows", "id": "959079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959079"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions."], "name": "CVE-2013-1994", "public_date": "2013-05-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1994\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1994\nhttp://www.x.org/wiki/Development/Security/Advisory-2013-05-23"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object