CVE-2013-1981

15.06.2013, 19:55

Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
x	libx11	𝑥 ≤ 1.5.99.901
x	libx11	1.5.0
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libx11

bullseye (security)	2:1.7.2-1+deb11u2 fixed
bullseye	2:1.7.2-1+deb11u2 fixed
bookworm	2:1.8.4-2+deb12u2 fixed
bookworm (security)	2:1.8.4-2+deb12u2 fixed
trixie	2:1.8.7-1 fixed
sid	2:1.8.10-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libx11

raring	Fixed 2:1.5.0-1ubuntu1.1 released
quantal	Fixed 2:1.5.0-1ubuntu0.1 released
precise	Fixed 2:1.4.99.1-0ubuntu2.1 released
lucid	Fixed 2:1.3.2-1ubuntu3.1 released

Common Weakness Enumeration

CWE-189 -

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html

http://www.debian.org/security/2013/dsa-2693

http://www.openwall.com/lists/oss-security/2013/05/23/3

http://www.securityfocus.com/bid/60120