CVE-2013-6424 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
pixman	pixman	𝑥 < 0.31.2
debian	debian_linux	6.0
debian	debian_linux	7.0
opensuse	opensuse	12.2
opensuse	opensuse	12.3
opensuse	opensuse	13.1
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bookworm	2:21.1.7-3+deb12u7 fixed
bookworm (security)	2:21.1.7-3+deb12u8 fixed
bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u14 fixed
sid	2:21.1.14-1 fixed
trixie	2:21.1.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg

lucid	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected
trusty	dne
utopic	not-affected

xorg-server

lucid	ignored
precise	Fixed 2:1.11.4-0ubuntu10.17 released
quantal	ignored
raring	ignored
saucy	not-affected
trusty	not-affected
utopic	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

xorg-x11-server

suse enterprise desktop 15	1.19.6-6.19 fixed
suse enterprise sap 12 SP5	1.19.6-8.18 fixed
suse enterprise sap 15	1.19.6-6.19 fixed
suse enterprise server 12 SP5	1.19.6-8.18 fixed
suse enterprise server 15	1.19.6-6.19 fixed

xorg-x11-server-extra

suse enterprise desktop 15	1.19.6-6.19 fixed
suse enterprise sap 12 SP5	1.19.6-8.18 fixed
suse enterprise sap 15	1.19.6-6.19 fixed
suse enterprise server 12 SP5	1.19.6-8.18 fixed
suse enterprise server 15	1.19.6-6.19 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

xorg-x11-server-Xdmx

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-Xephyr

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-Xnest

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-Xorg

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-Xvfb

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-common

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-devel

RHEL 6

0:1.13.0-23.1.el6_5

fixed

xorg-x11-server-source

RHEL 6

0:1.13.0-23.1.el6_5

fixed

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html

http://lists.x.org/archives/xorg-devel/2013-October/037996.html

http://rhn.redhat.com/errata/RHSA-2013-1868.html

http://www.debian.org/security/2013/dsa-2822

http://www.openwall.com/lists/oss-security/2013/12/03/8

http://www.openwall.com/lists/oss-security/2013/12/04/8

http://www.ubuntu.com/usn/USN-2500-1

https://bugs.freedesktop.org/show_bug.cgi?id=67484

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921

https://security.gentoo.org/glsa/201701-64

https://security.gentoo.org/glsa/201710-30

http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html

http://lists.x.org/archives/xorg-devel/2013-October/037996.html

http://rhn.redhat.com/errata/RHSA-2013-1868.html

http://www.debian.org/security/2013/dsa-2822

http://www.openwall.com/lists/oss-security/2013/12/03/8

http://www.openwall.com/lists/oss-security/2013/12/04/8

http://www.ubuntu.com/usn/USN-2500-1

https://bugs.freedesktop.org/show_bug.cgi?id=67484

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921

https://security.gentoo.org/glsa/201701-64

https://security.gentoo.org/glsa/201710-30