ID CVE-2013-1591
Summary Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
References
Vulnerable Configurations
  • Red Hat Enterprise Virtualization (RHEV) 3.0
    cpe:2.3:a:redhat:enterprise_virtualization:3.0
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Pale Moon 4.0
    cpe:2.3:a:palemoon:pale_moon:4.0
  • Pale Moon 4.0.3
    cpe:2.3:a:palemoon:pale_moon:4.0.3
  • Pale Moon 4.0.5
    cpe:2.3:a:palemoon:pale_moon:4.0.5
  • Pale Moon 4.0.6
    cpe:2.3:a:palemoon:pale_moon:4.0.6
  • Pale Moon 4.0.7
    cpe:2.3:a:palemoon:pale_moon:4.0.7
  • Pale Moon 5.0
    cpe:2.3:a:palemoon:pale_moon:5.0
  • Pale Moon 6.0
    cpe:2.3:a:palemoon:pale_moon:6.0
  • Pale Moon 6.0.2
    cpe:2.3:a:palemoon:pale_moon:6.0.2
  • Pale Moon 7.0
    cpe:2.3:a:palemoon:pale_moon:7.0
  • Pale Moon 7.0.1
    cpe:2.3:a:palemoon:pale_moon:7.0.1
  • Pale Moon 9.0
    cpe:2.3:a:palemoon:pale_moon:9.0
  • Pale Moon 9.0.1
    cpe:2.3:a:palemoon:pale_moon:9.0.1
  • Pale Moon 9.1
    cpe:2.3:a:palemoon:pale_moon:9.1
  • Pale Moon 9.2
    cpe:2.3:a:palemoon:pale_moon:9.2
  • Pale Moon 11.0
    cpe:2.3:a:palemoon:pale_moon:11.0
  • Pale Moon 11.0.1
    cpe:2.3:a:palemoon:pale_moon:11.0.1
  • Pale Moon 12.0
    cpe:2.3:a:palemoon:pale_moon:12.0
  • Pale Moon 12.1
    cpe:2.3:a:palemoon:pale_moon:12.1
  • Pale Moon 12.2
    cpe:2.3:a:palemoon:pale_moon:12.2
  • Pale Moon 12.2.1
    cpe:2.3:a:palemoon:pale_moon:12.2.1
  • Pale Moon 12.3
    cpe:2.3:a:palemoon:pale_moon:12.3
  • Pale Moon 12.3 R2
    cpe:2.3:a:palemoon:pale_moon:12.3:r2
  • Pale Moon 15.0
    cpe:2.3:a:palemoon:pale_moon:15.0
  • Pale Moon 15.1
    cpe:2.3:a:palemoon:pale_moon:15.1
  • Pale Moon 15.1.1
    cpe:2.3:a:palemoon:pale_moon:15.1.1
  • Pale Moon 15.2
    cpe:2.3:a:palemoon:pale_moon:15.2
  • Pale Moon 15.2.1
    cpe:2.3:a:palemoon:pale_moon:15.2.1
  • Pale Moon 15.3
    cpe:2.3:a:palemoon:pale_moon:15.3
  • Pale Moon 15.3.1
    cpe:2.3:a:palemoon:pale_moon:15.3.1
  • Pale Moon 15.3.2
    cpe:2.3:a:palemoon:pale_moon:15.3.2
CVSS
Base: 10.0 (as of 07-10-2013 - 15:46)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPIXMAN-1-0-130726.NASL
    description A stack-based buffer overflow in the pixman library has been fixed. (CVE-2013-1591)
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 69457
    published 2013-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69457
    title SuSE 11.3 Security Update : libpixman (SAT Patch Number 8119)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0687.NASL
    description From Red Hat Security Advisory 2013:0687 : Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68798
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68798
    title Oracle Linux 6 : pixman (ELSA-2013-0687)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0687.NASL
    description Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65725
    published 2013-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65725
    title CentOS 6 : pixman (CESA-2013:0687)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-116.NASL
    description Updated pixman packages fix security vulnerability : Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66128
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66128
    title Mandriva Linux Security Advisory : pixman (MDVSA-2013:116)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0687.NASL
    description Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65714
    published 2013-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65714
    title RHEL 6 : pixman (RHSA-2013:0687)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-686.NASL
    description libpixman was updated to fix a stack based buffer overflow (CVE-2013-1591).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75131
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75131
    title openSUSE Security Update : pixman (openSUSE-SU-2013:1421-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130327_PIXMAN_ON_SL6_X.NASL
    description An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) All applications using pixman must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65716
    published 2013-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65716
    title Scientific Linux Security Update : pixman on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-2450.NASL
    description Update to pixman 0.28 to address CVE-2013-1591 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 64974
    published 2013-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64974
    title Fedora 17 : pixman-0.28.0-1.fc17 (2013-2450)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-2414.NASL
    description Update to pixman 0.28 to address CVE-2013-1591 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 64900
    published 2013-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64900
    title Fedora 18 : pixman-0.28.0-1.fc18 (2013-2414)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0746.NASL
    description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-2266 (a bind issue) CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl issues) This update contains the fixes from the following errata : ovirt-node: RHBA-2013:0745 libvirt: RHBA-2013:0725 vdsm: RHBA-2013:0704 kernel: RHSA-2013:0744 Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78955
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78955
    title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)
redhat via4
advisories
  • bugzilla
    id 910149
    title CVE-2013-1591 pixman: stack-based buffer overflow
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment pixman is earlier than 0:0.26.2-5.el6_4
          oval oval:com.redhat.rhsa:tst:20130687005
        • comment pixman is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130687006
      • AND
        • comment pixman-devel is earlier than 0:0.26.2-5.el6_4
          oval oval:com.redhat.rhsa:tst:20130687007
        • comment pixman-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130687008
    rhsa
    id RHSA-2013:0687
    released 2013-03-27
    severity Moderate
    title RHSA-2013:0687: pixman security update (Moderate)
  • rhsa
    id RHSA-2013:0746
rpms
  • pixman-0:0.26.2-5.el6_4
  • pixman-devel-0:0.26.2-5.el6_4
refmap via4
confirm
mandriva MDVSA-2013:116
misc http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f
Last major update 30-01-2014 - 00:09
Published 31-01-2013 - 18:55
Last modified 22-04-2019 - 13:48
Back to Top