ID CVE-2013-1986
Summary Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
Vulnerable Configurations
  • cpe:2.3:a:x:libxrandr:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.2.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.2.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.2.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.2.99.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxrandr:1.4.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 01-12-2013 - 04:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • libX11-0:1.6.0-2.2.el6
  • libX11-common-0:1.6.0-2.2.el6
  • libX11-debuginfo-0:1.6.0-2.2.el6
  • libX11-devel-0:1.6.0-2.2.el6
  • libXcursor-0:1.1.14-2.1.el6
  • libXcursor-debuginfo-0:1.1.14-2.1.el6
  • libXcursor-devel-0:1.1.14-2.1.el6
  • libXext-0:1.3.2-2.1.el6
  • libXext-debuginfo-0:1.3.2-2.1.el6
  • libXext-devel-0:1.3.2-2.1.el6
  • libXfixes-0:5.0.1-2.1.el6
  • libXfixes-debuginfo-0:5.0.1-2.1.el6
  • libXfixes-devel-0:5.0.1-2.1.el6
  • libXi-0:1.7.2-2.2.el6
  • libXi-debuginfo-0:1.7.2-2.2.el6
  • libXi-devel-0:1.7.2-2.2.el6
  • libXinerama-0:1.1.3-2.1.el6
  • libXinerama-debuginfo-0:1.1.3-2.1.el6
  • libXinerama-devel-0:1.1.3-2.1.el6
  • libXp-0:1.0.2-2.1.el6
  • libXp-debuginfo-0:1.0.2-2.1.el6
  • libXp-devel-0:1.0.2-2.1.el6
  • libXrandr-0:1.4.1-2.1.el6
  • libXrandr-debuginfo-0:1.4.1-2.1.el6
  • libXrandr-devel-0:1.4.1-2.1.el6
  • libXrender-0:0.9.8-2.1.el6
  • libXrender-debuginfo-0:0.9.8-2.1.el6
  • libXrender-devel-0:0.9.8-2.1.el6
  • libXres-0:1.0.7-2.1.el6
  • libXres-debuginfo-0:1.0.7-2.1.el6
  • libXres-devel-0:1.0.7-2.1.el6
  • libXt-0:1.1.4-6.1.el6
  • libXt-debuginfo-0:1.1.4-6.1.el6
  • libXt-devel-0:1.1.4-6.1.el6
  • libXtst-0:1.2.2-2.1.el6
  • libXtst-debuginfo-0:1.2.2-2.1.el6
  • libXtst-devel-0:1.2.2-2.1.el6
  • libXv-0:1.0.9-2.1.el6
  • libXv-debuginfo-0:1.0.9-2.1.el6
  • libXv-devel-0:1.0.9-2.1.el6
  • libXvMC-0:1.0.8-2.1.el6
  • libXvMC-debuginfo-0:1.0.8-2.1.el6
  • libXvMC-devel-0:1.0.8-2.1.el6
  • libXxf86dga-0:1.1.4-2.1.el6
  • libXxf86dga-debuginfo-0:1.1.4-2.1.el6
  • libXxf86dga-devel-0:1.1.4-2.1.el6
  • libXxf86vm-0:1.1.3-2.1.el6
  • libXxf86vm-debuginfo-0:1.1.3-2.1.el6
  • libXxf86vm-devel-0:1.1.3-2.1.el6
  • libdmx-0:1.1.3-3.el6
  • libdmx-debuginfo-0:1.1.3-3.el6
  • libdmx-devel-0:1.1.3-3.el6
  • libxcb-0:1.9.1-2.el6
  • libxcb-debuginfo-0:1.9.1-2.el6
  • libxcb-devel-0:1.9.1-2.el6
  • libxcb-doc-0:1.9.1-2.el6
  • libxcb-python-0:1.9.1-2.el6
  • xcb-proto-0:1.8-3.el6
  • xkeyboard-config-0:2.11-1.el6
  • xkeyboard-config-devel-0:2.11-1.el6
  • xorg-x11-proto-devel-0:7.7-9.el6
  • xorg-x11-xtrans-devel-0:1.3.4-1.el6
refmap via4
confirm http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
debian DSA-2684
fedora FEDORA-2013-9056
mlist [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries
suse openSUSE-SU-2013:1028
ubuntu USN-1862-1
Last major update 01-12-2013 - 04:27
Published 15-06-2013 - 19:55
Last modified 01-12-2013 - 04:27