CVE-2013-1984

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
x.orglibxi
𝑥
≤ 1.7.1
x.orglibxi
1.5.0
x.orglibxi
1.5.99.2
x.orglibxi
1.5.99.3
x.orglibxi
1.6.0
x.orglibxi
1.6.1
x.orglibxi
1.6.2
x.orglibxi
1.6.99.1
x.orglibxi
1.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxi
bookworm
2:1.8-1
fixed
bullseye
2:1.7.10-1
fixed
sid
2:1.8.2-1
fixed
trixie
2:1.8.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxi
lucid
Fixed 2:1.3-3ubuntu0.2
released
precise
Fixed 2:1.6.0-0ubuntu2.1
released
quantal
Fixed 2:1.6.1-1ubuntu0.1
released
raring
Fixed 2:1.6.99.1-0ubuntu3.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libXi-devel
suse enterprise desktop 15
1.7.9-1.23
fixed
suse enterprise desktop 15 SP1
1.7.9-1.23
fixed
suse enterprise desktop 15 SP2
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP3
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP4
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP5
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP6
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP7
1.7.9-3.2.1
fixed
suse enterprise sap 15
1.7.9-1.23
fixed
suse enterprise sap 15 SP1
1.7.9-1.23
fixed
suse enterprise sap 15 SP2
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP3
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP4
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP5
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP6
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP7
1.7.9-3.2.1
fixed
suse enterprise server 15
1.7.9-1.23
fixed
suse enterprise server 15 SP1
1.7.9-1.23
fixed
suse enterprise server 15 SP2
1.7.9-3.2.1
fixed
suse enterprise server 15 SP3
1.7.9-3.2.1
fixed
suse enterprise server 15 SP4
1.7.9-3.2.1
fixed
suse enterprise server 15 SP5
1.7.9-3.2.1
fixed
suse enterprise server 15 SP6
1.7.9-3.2.1
fixed
suse enterprise server 15 SP7
1.7.9-3.2.1
fixed
libXi6
suse enterprise desktop 15
1.7.9-1.23
fixed
suse enterprise desktop 15 SP1
1.7.9-1.23
fixed
suse enterprise desktop 15 SP2
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP3
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP4
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP5
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP6
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP7
1.7.9-3.2.1
fixed
suse enterprise sap 12 SP5
1.7.4-18.6.1
fixed
suse enterprise sap 15
1.7.9-1.23
fixed
suse enterprise sap 15 SP1
1.7.9-1.23
fixed
suse enterprise sap 15 SP2
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP3
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP4
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP5
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP6
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP7
1.7.9-3.2.1
fixed
suse enterprise server 12 SP1
1.7.4-9.2
fixed
suse enterprise server 12 SP2
1.7.4-9.2
fixed
suse enterprise server 12 SP3
1.7.4-17.1
fixed
suse enterprise server 12 SP4
1.7.4-17.1
fixed
suse enterprise server 12 SP5
1.7.4-18.6.1
fixed
suse enterprise server 15
1.7.9-1.23
fixed
suse enterprise server 15 SP1
1.7.9-1.23
fixed
suse enterprise server 15 SP2
1.7.9-3.2.1
fixed
suse enterprise server 15 SP3
1.7.9-3.2.1
fixed
suse enterprise server 15 SP4
1.7.9-3.2.1
fixed
suse enterprise server 15 SP5
1.7.9-3.2.1
fixed
suse enterprise server 15 SP6
1.7.9-3.2.1
fixed
suse enterprise server 15 SP7
1.7.9-3.2.1
fixed
libXi6-32bit
suse enterprise desktop 15 SP2
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP3
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP4
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP5
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP6
1.7.9-3.2.1
fixed
suse enterprise desktop 15 SP7
1.7.9-3.2.1
fixed
suse enterprise sap 12 SP5
1.7.4-18.6.1
fixed
suse enterprise sap 15 SP2
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP3
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP4
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP5
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP6
1.7.9-3.2.1
fixed
suse enterprise sap 15 SP7
1.7.9-3.2.1
fixed
suse enterprise server 12 SP1
1.7.4-9.2
fixed
suse enterprise server 12 SP2
1.7.4-9.2
fixed
suse enterprise server 12 SP3
1.7.4-17.1
fixed
suse enterprise server 12 SP4
1.7.4-17.1
fixed
suse enterprise server 12 SP5
1.7.4-18.6.1
fixed
suse enterprise server 15 SP2
1.7.9-3.2.1
fixed
suse enterprise server 15 SP3
1.7.9-3.2.1
fixed
suse enterprise server 15 SP4
1.7.9-3.2.1
fixed
suse enterprise server 15 SP5
1.7.9-3.2.1
fixed
suse enterprise server 15 SP6
1.7.9-3.2.1
fixed
suse enterprise server 15 SP7
1.7.9-3.2.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libX11
RHEL 6
0:1.6.0-2.2.el6
fixed
libX11-common
RHEL 6
0:1.6.0-2.2.el6
fixed
libX11-devel
RHEL 6
0:1.6.0-2.2.el6
fixed
libXcursor
RHEL 6
0:1.1.14-2.1.el6
fixed
libXcursor-devel
RHEL 6
0:1.1.14-2.1.el6
fixed
libXext
RHEL 6
0:1.3.2-2.1.el6
fixed
libXext-devel
RHEL 6
0:1.3.2-2.1.el6
fixed
libXfixes
RHEL 6
0:5.0.1-2.1.el6
fixed
libXfixes-devel
RHEL 6
0:5.0.1-2.1.el6
fixed
libXi
RHEL 6
0:1.7.2-2.2.el6
fixed
libXi-devel
RHEL 6
0:1.7.2-2.2.el6
fixed
libXinerama
RHEL 6
0:1.1.3-2.1.el6
fixed
libXinerama-devel
RHEL 6
0:1.1.3-2.1.el6
fixed
libXp
RHEL 6
0:1.0.2-2.1.el6
fixed
libXp-devel
RHEL 6
0:1.0.2-2.1.el6
fixed
libXrandr
RHEL 6
0:1.4.1-2.1.el6
fixed
libXrandr-devel
RHEL 6
0:1.4.1-2.1.el6
fixed
libXrender
RHEL 6
0:0.9.8-2.1.el6
fixed
libXrender-devel
RHEL 6
0:0.9.8-2.1.el6
fixed
libXres
RHEL 6
0:1.0.7-2.1.el6
fixed
libXres-devel
RHEL 6
0:1.0.7-2.1.el6
fixed
libXt
RHEL 6
0:1.1.4-6.1.el6
fixed
libXt-devel
RHEL 6
0:1.1.4-6.1.el6
fixed
libXtst
RHEL 6
0:1.2.2-2.1.el6
fixed
libXtst-devel
RHEL 6
0:1.2.2-2.1.el6
fixed
libXv
RHEL 6
0:1.0.9-2.1.el6
fixed
libXv-devel
RHEL 6
0:1.0.9-2.1.el6
fixed
libXvMC
RHEL 6
0:1.0.8-2.1.el6
fixed
libXvMC-devel
RHEL 6
0:1.0.8-2.1.el6
fixed
libXxf86dga
RHEL 6
0:1.1.4-2.1.el6
fixed
libXxf86dga-devel
RHEL 6
0:1.1.4-2.1.el6
fixed
libXxf86vm
RHEL 6
0:1.1.3-2.1.el6
fixed
libXxf86vm-devel
RHEL 6
0:1.1.3-2.1.el6
fixed
libdmx
RHEL 6
0:1.1.3-3.el6
fixed
libdmx-devel
RHEL 6
0:1.1.3-3.el6
fixed
libxcb
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-devel
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-doc
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-python
RHEL 6
0:1.9.1-2.el6
fixed
xcb-proto
RHEL 6
0:1.8-3.el6
fixed
xkeyboard-config
RHEL 6
0:2.11-1.el6
fixed
xkeyboard-config-devel
RHEL 6
0:2.11-1.el6
fixed
xorg-x11-proto-devel
RHEL 6
0:7.7-9.el6
fixed
xorg-x11-xtrans-devel
RHEL 6
0:1.3.4-1.el6
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.debian.org/security/2013/dsa-2683
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1859-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.debian.org/security/2013/dsa-2683
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1859-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23