CVE-2013-7439

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
x.orglibx11
1.0.1
x.orglibx11
1.0.2
x.orglibx11
1.0.3
x.orglibx11
1.1
x.orglibx11
1.1:rc1
x.orglibx11
1.1:rc2
x.orglibx11
1.1.4
x.orglibx11
1.1.5
x.orglibx11
1.1.6
x.orglibx11
1.1.99.1
x.orglibx11
1.1.99.2
x.orglibx11
1.2
x.orglibx11
1.2.1
x.orglibx11
1.2.2
x.orglibx11
1.3
x.orglibx11
1.3.1
x.orglibx11
1.3.2
x.orglibx11
1.3.3
x.orglibx11
1.3.4
x.orglibx11
1.3.5
x.orglibx11
1.3.6
x.orglibx11
1.3.99.901
x.orglibx11
1.3.99.902
x.orglibx11
1.3.99.903
x.orglibx11
1.4.0
x.orglibx11
1.4.1
x.orglibx11
1.4.2
x.orglibx11
1.4.3
x.orglibx11
1.4.4
x.orglibx11
1.4.99.901
x.orglibx11
1.4.99.902
x.orglibx11
1.5.0
x.orglibx11
1.5.99.901
x.orglibx11
1.5.99.902
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
debiandebian_linux
7.0
x.orgx11
6.0
x.orgx11
6.1
x.orgx11
6.3
x.orgx11
6.4
x.orgx11
6.5.1
x.orgx11
6.6
x.orgx11
6.7
x.orgx11
6.8.0
x.orgx11
6.8.1
x.orgx11
6.8.2
x.orgx11
6.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libx11
bullseye (security)
2:1.7.2-1+deb11u2
fixed
bullseye
2:1.7.2-1+deb11u2
fixed
bookworm
2:1.8.4-2+deb12u2
fixed
bookworm (security)
2:1.8.4-2+deb12u2
fixed
trixie
2:1.8.7-1
fixed
sid
2:1.8.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libx11
utopic
not-affected
trusty
not-affected
precise
Fixed 2:1.4.99.1-0ubuntu2.3
released
lucid
ignored
libxrender
utopic
Fixed 1:0.9.8-1build0.14.10.1
released
trusty
Fixed 1:0.9.8-1build0.14.04.1
released
precise
Fixed 1:0.9.6-2ubuntu0.2
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.x.org/archives/xorg-announce/2015-April/002561.html
http://seclists.org/oss-sec/2015/q2/81
http://www.debian.org/security/2015/dsa-3224
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/73962
http://www.ubuntu.com/usn/USN-2568-1
https://bugs.freedesktop.org/show_bug.cgi?id=56508
http://lists.x.org/archives/xorg-announce/2015-April/002561.html
http://seclists.org/oss-sec/2015/q2/81
http://www.debian.org/security/2015/dsa-3224
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/73962
http://www.ubuntu.com/usn/USN-2568-1
https://bugs.freedesktop.org/show_bug.cgi?id=56508