3 results (0.044 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Múltiples desbordamientos de entero en X.org libXtst en versiones anteriores a 1.2.3 permiten a servidores remotos X desencadenar operaciones de acceso a memoria fuera de límites aprovechando la falta de controles de alcance. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93370 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFLHX7WNEUXXDAGR324T35L5P6RRR7GE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. X.org libXtst en versiones anteriores a 1.2.3 permite a servidores remotos X provocar una denegación de servicio (bucle infinito) a través de una respuesta en la categoría (1) XRecordStartOfData, (2) XRecordEndOfData o (3) XRecordClientDied sin una secuencia cliente y con datos adjuntos. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93375 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFLHX7WNEUXXDAGR324T35L5P6RRR7GE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R • CWE-20: Improper Input Validation CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. Desbordamiento de entero en X.org libXtst v1.2.1 y anteriores permite a los servidores X provocar una asignación de memoria insuficiente y un desbordamiento de búfer a través de vectores relacionados con la función XRecordGetContext. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106886.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00160.html http://www.debian.org/security/2013/dsa-2689 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.ubuntu.com/usn/USN-1866-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access.redhat.com/security/cve/CVE-2013-2063 https://bugzilla.redhat.com/show_bug.cgi?id=960366 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •