CVE-2013-6424 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
pixman	pixman	𝑥 < 0.31.2
debian	debian_linux	6.0
debian	debian_linux	7.0
opensuse	opensuse	12.2
opensuse	opensuse	12.3
opensuse	opensuse	13.1
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u14 fixed
bookworm	2:21.1.7-3+deb12u7 fixed
bookworm (security)	2:21.1.7-3+deb12u8 fixed
sid	2:21.1.14-1 fixed
trixie	2:21.1.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg

utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
lucid	not-affected

xorg-server

utopic	not-affected
trusty	not-affected
saucy	not-affected
raring	ignored
quantal	ignored
precise	Fixed 2:1.11.4-0ubuntu10.17 released
lucid	ignored

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html

http://lists.x.org/archives/xorg-devel/2013-October/037996.html

http://rhn.redhat.com/errata/RHSA-2013-1868.html

http://www.debian.org/security/2013/dsa-2822

http://www.openwall.com/lists/oss-security/2013/12/03/8

http://www.openwall.com/lists/oss-security/2013/12/04/8

http://www.ubuntu.com/usn/USN-2500-1

https://bugs.freedesktop.org/show_bug.cgi?id=67484

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921

https://security.gentoo.org/glsa/201701-64

https://security.gentoo.org/glsa/201710-30

http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html

http://lists.x.org/archives/xorg-devel/2013-October/037996.html

http://rhn.redhat.com/errata/RHSA-2013-1868.html

http://www.debian.org/security/2013/dsa-2822

http://www.openwall.com/lists/oss-security/2013/12/03/8

http://www.openwall.com/lists/oss-security/2013/12/04/8

http://www.ubuntu.com/usn/USN-2500-1

https://bugs.freedesktop.org/show_bug.cgi?id=67484

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921

https://security.gentoo.org/glsa/201701-64

https://security.gentoo.org/glsa/201710-30