ID CVE-2013-6424
Summary Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 16:52)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1037984
title CVE-2013-6424 xorg-x11-server: integer underflow when handling trapezoids
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868001
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127002
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868003
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127004
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868005
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127006
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868007
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127008
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868009
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127010
      • AND
        • comment xorg-x11-server-Xvnc-source is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868011
        • comment xorg-x11-server-Xvnc-source is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100382012
      • AND
        • comment xorg-x11-server-sdk is earlier than 0:1.1.1-48.101.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131868013
        • comment xorg-x11-server-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127012
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868016
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376182
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868018
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376184
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868020
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376186
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868022
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376188
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868024
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376190
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868026
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376192
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868028
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376194
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.13.0-23.1.el6_5
          oval oval:com.redhat.rhsa:tst:20131868030
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376196
rhsa
id RHSA-2013:1868
released 2013-12-20
severity Important
title RHSA-2013:1868: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xdmx-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xephyr-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xephyr-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xnest-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xnest-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xorg-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xorg-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xvfb-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-Xvfb-0:1.13.0-23.1.el6_5
  • xorg-x11-server-Xvnc-source-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-common-0:1.13.0-23.1.el6_5
  • xorg-x11-server-debuginfo-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-debuginfo-0:1.13.0-23.1.el6_5
  • xorg-x11-server-devel-0:1.13.0-23.1.el6_5
  • xorg-x11-server-sdk-0:1.1.1-48.101.el5_10.2
  • xorg-x11-server-source-0:1.13.0-23.1.el6_5
refmap via4
confirm
debian DSA-2822
gentoo
  • GLSA-201701-64
  • GLSA-201710-30
mlist
  • [oss-security] 20131203 CVE Request: xorg-server and pixman
  • [oss-security] 20131204 Re: CVE Request: xorg-server and pixman
  • [xorg-devel] 20131002 [PATCH] exa: only draw valid trapezoids
suse openSUSE-SU-2013:1965
ubuntu USN-2500-1
Last major update 24-08-2020 - 16:52
Published 18-01-2014 - 19:55
Last modified 24-08-2020 - 16:52