CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-2005 – libXt: Memory corruption due to unchecked use of unchecked function pointers
https://notcve.org/view.php?id=CVE-2013-2005
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. X.org LibXt v1.1.3 y versiones anteriores no comprueba el valor devuelto por la función XGetWindowProperty, lo que permite a los servidores X el activar el uso de un puntero no inicializado y provocar una corrupción de memoria a través de vectores relacionados con las funciones (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, y (5) HandleSelectionReplies. A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html http://www.debian.org/security/2013/dsa-2680 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.securityfocus.com/bid/60133 http://www.ubuntu.com/usn/USN-1865-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access.redhat.com/security/cve/CVE-2013-2005 https://bugzilla.redhat.com/show& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •
CVSS: 6.8EPSS: 2%CPEs: 10EXPL: 0CVE-2013-2002 – libXt: Array Index error leading to heap-based OOB write
https://notcve.org/view.php?id=CVE-2013-2002
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. Desbordamiento de búfer en X.org libXt v1.1.3 y anteriores permite a los servidores X causar una denegación de servicio (caída de la aplicacion) y posiblemente ejecutar código de su elección a través de unos valores de longitud o de índice de la función _XtResourceConfigurationEH debidamente modificados. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html http://www.debian.org/security/2013/dsa-2680 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.securityfocus.com/bid/60137 http://www.ubuntu.com/usn/USN-1865-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access.redhat.com/security/cve/CVE-2013-2002 https://bugzilla.redhat.com/show& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •