CVE-2013-1993

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
mesa3dmesa
𝑥
≤ 9.1.1
mesa3dmesa
9.0
mesa3dmesa
9.0.1
mesa3dmesa
9.0.2
mesa3dmesa
9.0.3
mesa3dmesa
9.1
xlibglx
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mesa
bookworm
22.3.6-1+deb12u1
fixed
bullseye
20.3.5-1
fixed
sid
24.2.6-1
fixed
trixie
24.2.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mesa
lucid
ignored
precise
Fixed 8.0.4-0ubuntu0.6
released
quantal
Fixed 9.0.3-0ubuntu0.2
released
raring
Fixed 9.1.3-0ubuntu0.3
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
glx-utils
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-demos
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-dri-drivers
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-dri-filesystem
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libGL
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libGL-devel
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libGLU
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libGLU-devel
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libOSMesa
RHEL 6
0:9.0-0.8.el6_4.3
fixed
mesa-libOSMesa-devel
RHEL 6
0:9.0-0.8.el6_4.3
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2013-0190.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
http://rhn.redhat.com/errata/RHSA-2013-0897.html
http://rhn.redhat.com/errata/RHSA-2013-0898.html
http://www.debian.org/security/2013/dsa-2678
http://www.mandriva.com/security/advisories?name=MDVSA-2013:181
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1888-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://advisories.mageia.org/MGASA-2013-0190.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
http://rhn.redhat.com/errata/RHSA-2013-0897.html
http://rhn.redhat.com/errata/RHSA-2013-0898.html
http://www.debian.org/security/2013/dsa-2678
http://www.mandriva.com/security/advisories?name=MDVSA-2013:181
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1888-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23