CVE-2013-7439

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
x.orglibx11
1.0.1
x.orglibx11
1.0.2
x.orglibx11
1.0.3
x.orglibx11
1.1
x.orglibx11
1.1:rc1
x.orglibx11
1.1:rc2
x.orglibx11
1.1.4
x.orglibx11
1.1.5
x.orglibx11
1.1.6
x.orglibx11
1.1.99.1
x.orglibx11
1.1.99.2
x.orglibx11
1.2
x.orglibx11
1.2.1
x.orglibx11
1.2.2
x.orglibx11
1.3
x.orglibx11
1.3.1
x.orglibx11
1.3.2
x.orglibx11
1.3.3
x.orglibx11
1.3.4
x.orglibx11
1.3.5
x.orglibx11
1.3.6
x.orglibx11
1.3.99.901
x.orglibx11
1.3.99.902
x.orglibx11
1.3.99.903
x.orglibx11
1.4.0
x.orglibx11
1.4.1
x.orglibx11
1.4.2
x.orglibx11
1.4.3
x.orglibx11
1.4.4
x.orglibx11
1.4.99.901
x.orglibx11
1.4.99.902
x.orglibx11
1.5.0
x.orglibx11
1.5.99.901
x.orglibx11
1.5.99.902
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
debiandebian_linux
7.0
x.orgx11
6.0
x.orgx11
6.1
x.orgx11
6.3
x.orgx11
6.4
x.orgx11
6.5.1
x.orgx11
6.6
x.orgx11
6.7
x.orgx11
6.8.0
x.orgx11
6.8.1
x.orgx11
6.8.2
x.orgx11
6.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libx11
bookworm
2:1.8.4-2+deb12u2
fixed
bookworm (security)
2:1.8.4-2+deb12u2
fixed
bullseye
2:1.7.2-1+deb11u2
fixed
bullseye (security)
2:1.7.2-1+deb11u2
fixed
sid
2:1.8.10-1
fixed
trixie
2:1.8.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libx11
lucid
ignored
precise
Fixed 2:1.4.99.1-0ubuntu2.3
released
trusty
not-affected
utopic
not-affected
libxrender
lucid
ignored
precise
Fixed 1:0.9.6-2ubuntu0.2
released
trusty
Fixed 1:0.9.8-1build0.14.04.1
released
utopic
Fixed 1:0.9.8-1build0.14.10.1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libX11
RHEL 6
0:1.6.0-2.2.el6
fixed
libX11-common
RHEL 6
0:1.6.0-2.2.el6
fixed
libX11-devel
RHEL 6
0:1.6.0-2.2.el6
fixed
libXcursor
RHEL 6
0:1.1.14-2.1.el6
fixed
libXcursor-devel
RHEL 6
0:1.1.14-2.1.el6
fixed
libXext
RHEL 6
0:1.3.2-2.1.el6
fixed
libXext-devel
RHEL 6
0:1.3.2-2.1.el6
fixed
libXfixes
RHEL 6
0:5.0.1-2.1.el6
fixed
libXfixes-devel
RHEL 6
0:5.0.1-2.1.el6
fixed
libXi
RHEL 6
0:1.7.2-2.2.el6
fixed
libXi-devel
RHEL 6
0:1.7.2-2.2.el6
fixed
libXinerama
RHEL 6
0:1.1.3-2.1.el6
fixed
libXinerama-devel
RHEL 6
0:1.1.3-2.1.el6
fixed
libXp
RHEL 6
0:1.0.2-2.1.el6
fixed
libXp-devel
RHEL 6
0:1.0.2-2.1.el6
fixed
libXrandr
RHEL 6
0:1.4.1-2.1.el6
fixed
libXrandr-devel
RHEL 6
0:1.4.1-2.1.el6
fixed
libXrender
RHEL 6
0:0.9.8-2.1.el6
fixed
libXrender-devel
RHEL 6
0:0.9.8-2.1.el6
fixed
libXres
RHEL 6
0:1.0.7-2.1.el6
fixed
libXres-devel
RHEL 6
0:1.0.7-2.1.el6
fixed
libXt
RHEL 6
0:1.1.4-6.1.el6
fixed
libXt-devel
RHEL 6
0:1.1.4-6.1.el6
fixed
libXtst
RHEL 6
0:1.2.2-2.1.el6
fixed
libXtst-devel
RHEL 6
0:1.2.2-2.1.el6
fixed
libXv
RHEL 6
0:1.0.9-2.1.el6
fixed
libXv-devel
RHEL 6
0:1.0.9-2.1.el6
fixed
libXvMC
RHEL 6
0:1.0.8-2.1.el6
fixed
libXvMC-devel
RHEL 6
0:1.0.8-2.1.el6
fixed
libXxf86dga
RHEL 6
0:1.1.4-2.1.el6
fixed
libXxf86dga-devel
RHEL 6
0:1.1.4-2.1.el6
fixed
libXxf86vm
RHEL 6
0:1.1.3-2.1.el6
fixed
libXxf86vm-devel
RHEL 6
0:1.1.3-2.1.el6
fixed
libdmx
RHEL 6
0:1.1.3-3.el6
fixed
libdmx-devel
RHEL 6
0:1.1.3-3.el6
fixed
libxcb
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-devel
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-doc
RHEL 6
0:1.9.1-2.el6
fixed
libxcb-python
RHEL 6
0:1.9.1-2.el6
fixed
xcb-proto
RHEL 6
0:1.8-3.el6
fixed
xkeyboard-config
RHEL 6
0:2.11-1.el6
fixed
xkeyboard-config-devel
RHEL 6
0:2.11-1.el6
fixed
xorg-x11-proto-devel
RHEL 6
0:7.7-9.el6
fixed
xorg-x11-xtrans-devel
RHEL 6
0:1.3.4-1.el6
fixed
Common Weakness Enumeration
References
http://lists.x.org/archives/xorg-announce/2015-April/002561.html
http://seclists.org/oss-sec/2015/q2/81
http://www.debian.org/security/2015/dsa-3224
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/73962
http://www.ubuntu.com/usn/USN-2568-1
https://bugs.freedesktop.org/show_bug.cgi?id=56508
http://lists.x.org/archives/xorg-announce/2015-April/002561.html
http://seclists.org/oss-sec/2015/q2/81
http://www.debian.org/security/2015/dsa-3224
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/73962
http://www.ubuntu.com/usn/USN-2568-1
https://bugs.freedesktop.org/show_bug.cgi?id=56508