ID CVE-2013-6424
Summary Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
References
Vulnerable Configurations
  • cpe:2.3:a:x:x_server:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 31-10-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1037984
title CVE-2013-6424 xorg-x11-server: integer underflow when handling trapezoids
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868004
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127003
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868002
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127011
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868014
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127013
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868012
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127007
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868006
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127009
      • AND
        • comment xorg-x11-server-Xvnc-source is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868008
        • comment xorg-x11-server-Xvnc-source is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100382007
      • AND
        • comment xorg-x11-server-sdk is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868010
        • comment xorg-x11-server-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127005
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868026
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376186
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868028
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376190
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868030
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376196
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868024
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376194
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868020
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376200
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868034
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376192
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868032
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376198
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868022
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376188
rhsa
id RHSA-2013:1868
released 2013-12-20
severity Important
title RHSA-2013:1868: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xephyr-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xnest-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xorg-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xvfb-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xvnc-source-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-sdk-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xdmx-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xephyr-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xnest-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xorg-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xvfb-0:1.13.0-23.1.el6_5
  • xorg-x11-server-common-0:1.13.0-23.1.el6_5
  • xorg-x11-server-devel-0:1.13.0-23.1.el6_5
  • xorg-x11-server-source-0:1.13.0-23.1.el6_5
refmap via4
confirm
debian DSA-2822
gentoo
  • GLSA-201701-64
  • GLSA-201710-30
mlist
  • [oss-security] 20131203 CVE Request: xorg-server and pixman
  • [oss-security] 20131204 Re: CVE Request: xorg-server and pixman
  • [xorg-devel] 20131002 [PATCH] exa: only draw valid trapezoids
suse openSUSE-SU-2013:1965
ubuntu USN-2500-1
Last major update 31-10-2017 - 01:29
Published 18-01-2014 - 19:55