CVE-2013-1997 – libX11: Multiple Array Index error leading to heap-based OOB write
https://notcve.org/view.php?id=CVE-2013-1997
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html
  http://www.debian.org/security/2013/dsa-2693
  http://www.openwall.com/lists/oss-security/2013/05/23/3
  http://www.ubuntu.com/usn/USN-1854-1
  http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
  https://access.redhat.com/security/cve/CVE-2013-1997
  https://bugzilla.redhat.com/show_bug.cgi?id=960345
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  CWE-122: Heap-based Buffer Overflow
CVE-2013-1987 – libXrender: Multiple integer overflows leading to heap-based buffer overflows
https://notcve.org/view.php?id=CVE-2013-1987
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106862.html
  http://lists.opensuse.org/opensuse-updates/2013-06/msg00141.html
  http://www.debian.org/security/2013/dsa-2677
  http://www.openwall.com/lists/oss-security/2013/05/23/3
  http://www.securityfocus.com/bid/60132
  http://www.ubuntu.com/usn/USN-1863-1
  http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
  https://access.redhat.com/security/cve/CVE-2013-1987
  https://bugzilla.redhat.com/show&
• CWE-122: Heap-based Buffer Overflow
  CWE-189: Numeric Errors
CVE-2013-2001 – libXxf86vm: Multiple Array Index error leading to heap-based OOB write
https://notcve.org/view.php?id=CVE-2013-2001
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106872.html
  http://lists.opensuse.org/opensuse-updates/2013-06/msg00165.html
  http://www.debian.org/security/2013/dsa-2692
  http://www.openwall.com/lists/oss-security/2013/05/23/3
  http://www.ubuntu.com/usn/USN-1870-1
  http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
  https://access.redhat.com/security/cve/CVE-2013-2001
  https://bugzilla.redhat.com/show_bug.cgi?id=960350
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  CWE-122: Heap-based Buffer Overflow
CVE-2013-1985 – libXinerama: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1985
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106845.html
  http://lists.opensuse.org/opensuse-updates/2013-06/msg00154.html
  http://www.debian.org/security/2013/dsa-2691
  http://www.openwall.com/lists/oss-security/2013/05/23/3
  http://www.ubuntu.com/usn/USN-1860-1
  http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
  https://access.redhat.com/security/cve/CVE-2013-1985
  https://bugzilla.redhat.com/show_bug.cgi?id=959056
• CWE-20: Improper Input Validation
  CWE-122: Heap-based Buffer Overflow
CVE-2013-2000 – libXxf86dga: Array Index error leading to heap-based OOB write
https://notcve.org/view.php?id=CVE-2013-2000
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html
  http://www.debian.org/security/2013/dsa-2690
  http://www.openwall.com/lists/oss-security/2013/05/23/3
  http://www.ubuntu.com/usn/USN-1869-1
  http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
  https://access.redhat.com/security/cve/CVE-2013-2000
  https://bugzilla.redhat.com/show_bug.cgi?id=960349
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  CWE-122: Heap-based Buffer Overflow