CVE-2013-2004 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux
X	Libx11

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
libdmx-0:1.1.3-3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libX11-0:1.6.0-2.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libxcb-0:1.9.1-2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXcursor-0:1.1.14-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXext-0:1.3.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXfixes-0:5.0.1-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXi-0:1.7.2-2.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXinerama-0:1.1.3-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXp-0:1.0.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXrandr-0:1.4.1-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXrender-0:0.9.8-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXres-0:1.0.7-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXt-0:1.1.4-6.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXtst-0:1.2.2-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXv-0:1.0.9-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXvMC-0:1.0.8-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXxf86dga-0:1.1.4-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
libXxf86vm-0:1.1.3-2.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xcb-proto-0:1.8-3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xkeyboard-config-0:2.11-1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xorg-x11-proto-devel-0:7.7-9.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z
xorg-x11-xtrans-devel-0:1.3.4-1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1436	2014-10-13T00:00:00Z

Link	Providers
http://www.debian.org/security/2013/dsa-2693
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1854-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://nvd.nist.gov/vuln/detail/CVE-2013-2004
https://www.cve.org/CVERecord?id=CVE-2013-2004

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-06-21T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1854-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2004", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1854-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", "refsource": "CONFIRM", "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2693"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.362Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1854-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"name": "DSA-2693", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2693"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2004", "datePublished": "2013-06-15T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.362Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2013-05-23T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-06-21T09:00:00 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : USN-1854-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-1854-1 (string)

}

1 : { »

name : [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2013/05/23/3 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

}

3 : { »

name : DSA-2693 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2013/dsa-2693 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2013-2004 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : USN-1854-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-1854-1 (string)

}

1 : { »

name : [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2013/05/23/3 (string)

}

2 : { »

name : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

refsource : CONFIRM (string)

url : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

}

3 : { »

name : DSA-2693 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2013/dsa-2693 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T15:20:37.362Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : USN-1854-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-1854-1 (string)

}

1 : { »

name : [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2013/05/23/3 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

}

3 : { »

name : DSA-2693 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2013/dsa-2693 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2013-2004 (string)

datePublished : 2013-06-15T20:00:00 (string)

dateReserved : 2013-02-19T00:00:00 (string)

dateUpdated : 2024-08-06T15:20:37.362Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x:libx11:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABED8C73-6FF4-4AE6-A823-F1278787C354", "versionEndIncluding": "1.5.99.901", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libx11:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8224BD23-DE40-4023-BAFB-85D41163640B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file."}, {"lang": "es", "value": "Las funciones (1) GetDatabase y (2)  _XimParseStringFile en X.org libX11 v1.5.99.901 (1.6 RC1) y anteriores no limitan la profundidad de recursividad en el tratamiento de las directivas de inclusi\u00f3n de archivos, lo que permite causar una denegaci\u00f3n de servicio a los servidores X (por consumo de pila) a trav\u00e9s de un archivo dise\u00f1ado para tal fin."}], "id": "CVE-2013-2004", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-15T20:55:00.993", "references": [{"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2693"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1854-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:x:libx11:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ABED8C73-6FF4-4AE6-A823-F1278787C354 (string)

versionEndIncluding : 1.5.99.901 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:x:libx11:1.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8224BD23-DE40-4023-BAFB-85D41163640B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. (string)

}

1 : { »

lang : es (string)

value : Las funciones (1) GetDatabase y (2) _XimParseStringFile en X.org libX11 v1.5.99.901 (1.6 RC1) y anteriores no limitan la profundidad de recursividad en el tratamiento de las directivas de inclusión de archivos, lo que permite causar una denegación de servicio a los servidores X (por consumo de pila) a través de un archivo diseñado para tal fin. (string)

}

]

id : CVE-2013-2004 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-06-15T20:55:00.993 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://www.debian.org/security/2013/dsa-2693 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://www.openwall.com/lists/oss-security/2013/05/23/3 (string)

}

2 : { »

source : secalert@redhat.com (string)

url : http://www.ubuntu.com/usn/USN-1854-1 (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2013/dsa-2693 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2013/05/23/3 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-1854-1 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libdmx-0:1.1.3-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libX11-0:1.6.0-2.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libxcb-0:1.9.1-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXcursor-0:1.1.14-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXext-0:1.3.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXfixes-0:5.0.1-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXi-0:1.7.2-2.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXinerama-0:1.1.3-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXp-0:1.0.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXrandr-0:1.4.1-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXrender-0:0.9.8-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXres-0:1.0.7-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXt-0:1.1.4-6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXtst-0:1.2.2-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXv-0:1.0.9-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXvMC-0:1.0.8-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXxf86dga-0:1.1.4-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libXxf86vm-0:1.1.3-2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xcb-proto-0:1.8-3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xkeyboard-config-0:2.11-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-proto-devel-0:7.7-9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1436", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-xtrans-devel-0:1.3.4-1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}], "bugzilla": {"description": "libX11: unbounded recursion leading to stack-overflow", "id": "959112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959112"}, "csaw": false, "cvss": {"cvss_base_score": "1.8", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-835->CWE-121", "details": ["The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.", "Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file."], "name": "CVE-2013-2004", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-05-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2004\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2004\nhttp://www.x.org/wiki/Development/Security/Advisory-2013-05-23"], "statement": "This issue affects the libX11 package in Red Hat Enterprise Linux 5. Red Hat Product Security has rated this issue as having Low security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle: https://access.redhat.com/support/policy/updates/errata/", "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libdmx-0:1.1.3-3.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libX11-0:1.6.0-2.2.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libxcb-0:1.9.1-2.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXcursor-0:1.1.14-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXext-0:1.3.2-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXfixes-0:5.0.1-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXi-0:1.7.2-2.2.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXinerama-0:1.1.3-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXp-0:1.0.2-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXrandr-0:1.4.1-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXrender-0:0.9.8-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXres-0:1.0.7-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXt-0:1.1.4-6.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXtst-0:1.2.2-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXv-0:1.0.9-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXvMC-0:1.0.8-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXxf86dga-0:1.1.4-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libXxf86vm-0:1.1.3-2.1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : xcb-proto-0:1.8-3.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : xkeyboard-config-0:2.11-1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

20 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : xorg-x11-proto-devel-0:7.7-9.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

21 : { »

advisory : RHSA-2014:1436 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : xorg-x11-xtrans-devel-0:1.3.4-1.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

]

bugzilla : { »

description : libX11: unbounded recursion leading to stack-overflow (string)

id : 959112 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=959112 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 1.8 (string)

cvss_scoring_vector : AV:A/AC:H/Au:N/C:N/I:N/A:P (string)

status : verified (string)

}

cwe : CWE-835->CWE-121 (string)

details : [ »

0 : The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. (string)

1 : Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (string)

]

name : CVE-2013-2004 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : libX11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2013-05-23T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2013-2004 https://nvd.nist.gov/vuln/detail/CVE-2013-2004 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 (string)

]

statement : This issue affects the libX11 package in Red Hat Enterprise Linux 5. Red Hat Product Security has rated this issue as having Low security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle: https://access.redhat.com/support/policy/updates/errata/ (string)

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object