{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-01T17:26:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2013-9079", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"}, {"name": "USN-1854-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2013-9079", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"}, {"name": "USN-1854-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", "refsource": "CONFIRM", "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2693"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.449Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2013-9079", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"}, {"name": "USN-1854-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2693"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1997", "datePublished": "2013-06-15T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.449Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x:libx11:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABED8C73-6FF4-4AE6-A823-F1278787C354", "versionEndIncluding": "1.5.99.901", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libx11:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8224BD23-DE40-4023-BAFB-85D41163640B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions."}, {"lang": "es", "value": "Multiples desbordamientos de b\u00fafer en X.org libX11 v1.5.99.901 (1.6 RC1) y anteriores permite a los servidores X causar una denegaci\u00f3n de servicio (por ca\u00edda del servidor) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de valores de \u00edndice o de longitud debidamente modificados en las funciones (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, y (16) XGetFontPath."}], "id": "CVE-2013-1997", "lastModified": "2013-12-01T04:27:31.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-15T20:55:00.860", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2693"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libdmx-0:1.1.3-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libX11-0:1.6.0-2.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libxcb-0:1.9.1-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXcursor-0:1.1.14-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXext-0:1.3.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXfixes-0:5.0.1-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXi-0:1.7.2-2.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXinerama-0:1.1.3-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXp-0:1.0.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXrandr-0:1.4.1-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXrender-0:0.9.8-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXres-0:1.0.7-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXt-0:1.1.4-6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXtst-0:1.2.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXv-0:1.0.9-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXvMC-0:1.0.8-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXxf86dga-0:1.1.4-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXxf86vm-0:1.1.3-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-proto-0:1.8-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xkeyboard-config-0:2.11-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-proto-devel-0:7.7-9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-xtrans-devel-0:1.3.4-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}], "bugzilla": {"description": "libX11: Multiple Array Index error leading to heap-based OOB write", "id": "960345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960345"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-129->CWE-122", "details": ["Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions."], "name": "CVE-2013-1997", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-05-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1997\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1997\nhttp://www.x.org/wiki/Development/Security/Advisory-2013-05-23"], "statement": "This issue affects the libX11 package in Red Hat Enterprise Linux 5. Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle: https://access.redhat.com/support/policy/updates/errata/", "threat_severity": "Moderate", "upstream_fix": "libX11 1.5.99.902 (1.6 RC2)"}