CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file.

• http://www.debian.org/security/2013/dsa-2693
• http://www.openwall.com/lists/oss-security/2013/05/23/3
• http://www.ubuntu.com/usn/USN-1854-1
• http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
• https://access.redhat.com/security/cve/CVE-2013-2004
• https://bugzilla.redhat.com/show_bug.cgi?id=959112

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow

CVSS: 9.3 | EPSS: 6% | CPEs: 6 | EXPL: 0

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045
• http://issues.foresightlinux.org/browse/FL-223
• http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
• http://rhn.redhat.com/errata/RHSA-2007-0125.html
• http://secunia.com/advisories/24739
• http://secunia.com/advisories/24741
• http://secunia.com/advisories/24745
• http://secunia.com/advisories/24756
• http://secunia.com/advisories/24758
• htt

• CWE-189: Numeric Errors

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

• http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
• http://secunia.com/advisories/22642
• http://secunia.com/advisories/22749
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
• http://www.securityfocus.com/bid/20845
• http://www.vupen.com/english/advisories/2006/4289
• https://bugs.freedesktop.org/show_bug.cgi?id=8699
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29956