CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-7944
https://notcve.org/view.php?id=CVE-2016-7944
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. Desbordamiento de entero en X.org libXfixes en versiones anteriores a 5.0.3 en plataformas 32-bit podría permitir a servidores remotos X obtener privilegios a través de un valor de longitud de INT_MAX, que desencadena que el cliente pare la lectura de datos y salga de la sincronización. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93361 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1983 – libXfixes: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1983
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. Un desbordamiento de entero en X.org libXfixes v5.0 y anteriores permite a los servidores X provocar una asignación de memoria insuficiente y un desbordamiento de búfer a través de vectores relacionados con la función XFixesGetCursorImage. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106794.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00144.html http://www.debian.org/security/2013/dsa-2676 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.ubuntu.com/usn/USN-1858-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access.redhat.com/security/cve/CVE-2013-1983 https://bugzilla.redhat.com/show_bug.cgi?id=959048 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •