CVE-2016-7945
https://notcve.org/view.php?id=CVE-2016-7945
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93364
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVT
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CVE-2016-7946
https://notcve.org/view.php?id=CVE-2016-7946
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93374
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVT
CWE-284: Improper Access Control
CVE-2013-1984 – libXi: Multiple integer overflows leading to heap-based buffer-overflows
https://notcve.org/view.php?id=CVE-2013-1984
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.debian.org/security/2013/dsa-2683
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1859-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://access.redhat.com/security/cve/CVE-2013-1984
https://bugzilla.redhat.com/show_bug.cgi?id=959049
CWE-122: Heap-based Buffer Overflow
CWE-189: Numeric Errors
CVE-2013-1998 – libXi: Multiple Array Index error leading to heap-based OOB write
https://notcve.org/view.php?id=CVE-2013-1998
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.debian.org/security/2013/dsa-2683
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.securityfocus.com/bid/60127
http://www.ubuntu.com/usn/USN-1859-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://access.redhat.com/security/cve/CVE-2013-1998
https://bugzilla.redhat.com/show&
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow
CVE-2013-1995 – libXi: Sign extension issues resulting in heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1995
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.debian.org/security/2013/dsa-2683
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.securityfocus.com/bid/60124
http://www.ubuntu.com/usn/USN-1859-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
https://access.redhat.com/security/cve/CVE-2013-1995
https://bugzilla.redhat.com/show&
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow