CVE-2019-5068
https://notcve.org/view.php?id=CVE-2019-5068
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
• https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
• https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
• https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
• https://usn.ubuntu.com/4271-1
• CWE-277: Insecure Inherited Permissions
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2013-1872 – Mesa: Memory corruption (OOB read/write) on intel drivers
https://notcve.org/view.php?id=CVE-2013-1872
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
• http://advisories.mageia.org/MGASA-2013-0190.html
• http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html
• http://rhn.redhat.com/errata/RHSA-2013-0897.html
• http://www.debian.org/security/2013/dsa-2704
• http://www.securityfocus.com/bid/60285
• http://www.ubuntu.com/usn/USN-1888-1
• https://bugs.freedesktop.org/show_bug.cgi?id=59429
• https://bugzilla.redhat.com/show_bug.cgi?id=923584
• http
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1993 – Mesa: Multiple integer overflows leading to heap-based buffer overflows
https://notcve.org/view.php?id=CVE-2013-1993
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
• http://advisories.mageia.org/MGASA-2013-0190.html
• http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
• http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
• http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
• http://rhn.redhat.com/errata/RHSA-2013-0897.html
• http://rhn.redhat.com/errata/RHSA-2013-0898.html
• http://www.debian.org/security/2013/dsa-2678
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:181
• http://www.openwall
• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors