CVE-2013-7439
libX11: buffer overflow in MakeBigReq macro
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Múltiples errores de superación de límite (off-by-one) en los macros (1) MakeBigReq y (2) SetReqLen en include/X11/Xlibint.h en X11R6.x y libX11 anterior a 1.6.0 permiten a atacantes remotos tener un impacto no especificado a través de una solicitud manipulada, lo que provoca un desbordamiento de buffer.
Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates including libxrender, libxext, libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and xserver-xorg-video-vmware. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-09 CVE Reserved
- 2015-04-14 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-189: Numeric Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2015/q2/81 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/73962 | Third Party Advisory | |
| https://bugs.freedesktop.org/show_bug.cgi?id=56508 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.x.org/archives/xorg-announce/2015-April/002561.html | 2016-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3224 | 2016-10-18 | |
| http://www.ubuntu.com/usn/USN-2568-1 | 2016-10-18 | |
| https://access.redhat.com/security/cve/CVE-2013-7439 | 2014-10-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1209943 | 2014-10-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.0.1 Search vendor "X.org" for product "Libx11" and version "1.0.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.0.2 Search vendor "X.org" for product "Libx11" and version "1.0.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.0.3 Search vendor "X.org" for product "Libx11" and version "1.0.3" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1 Search vendor "X.org" for product "Libx11" and version "1.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1 Search vendor "X.org" for product "Libx11" and version "1.1" | rc1 |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1 Search vendor "X.org" for product "Libx11" and version "1.1" | rc2 |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1.4 Search vendor "X.org" for product "Libx11" and version "1.1.4" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1.5 Search vendor "X.org" for product "Libx11" and version "1.1.5" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1.6 Search vendor "X.org" for product "Libx11" and version "1.1.6" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1.99.1 Search vendor "X.org" for product "Libx11" and version "1.1.99.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.1.99.2 Search vendor "X.org" for product "Libx11" and version "1.1.99.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.2 Search vendor "X.org" for product "Libx11" and version "1.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.2.1 Search vendor "X.org" for product "Libx11" and version "1.2.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.2.2 Search vendor "X.org" for product "Libx11" and version "1.2.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3 Search vendor "X.org" for product "Libx11" and version "1.3" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.1 Search vendor "X.org" for product "Libx11" and version "1.3.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.2 Search vendor "X.org" for product "Libx11" and version "1.3.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.3 Search vendor "X.org" for product "Libx11" and version "1.3.3" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.4 Search vendor "X.org" for product "Libx11" and version "1.3.4" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.5 Search vendor "X.org" for product "Libx11" and version "1.3.5" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.6 Search vendor "X.org" for product "Libx11" and version "1.3.6" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.99.901 Search vendor "X.org" for product "Libx11" and version "1.3.99.901" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.99.902 Search vendor "X.org" for product "Libx11" and version "1.3.99.902" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.3.99.903 Search vendor "X.org" for product "Libx11" and version "1.3.99.903" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.0 Search vendor "X.org" for product "Libx11" and version "1.4.0" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.1 Search vendor "X.org" for product "Libx11" and version "1.4.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.2 Search vendor "X.org" for product "Libx11" and version "1.4.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.3 Search vendor "X.org" for product "Libx11" and version "1.4.3" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.4 Search vendor "X.org" for product "Libx11" and version "1.4.4" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.99.901 Search vendor "X.org" for product "Libx11" and version "1.4.99.901" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.4.99.902 Search vendor "X.org" for product "Libx11" and version "1.4.99.902" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.5.0 Search vendor "X.org" for product "Libx11" and version "1.5.0" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.5.99.901 Search vendor "X.org" for product "Libx11" and version "1.5.99.901" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | 1.5.99.902 Search vendor "X.org" for product "Libx11" and version "1.5.99.902" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.0 Search vendor "X.org" for product "X11" and version "6.0" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.1 Search vendor "X.org" for product "X11" and version "6.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.3 Search vendor "X.org" for product "X11" and version "6.3" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.4 Search vendor "X.org" for product "X11" and version "6.4" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.5.1 Search vendor "X.org" for product "X11" and version "6.5.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.6 Search vendor "X.org" for product "X11" and version "6.6" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.7 Search vendor "X.org" for product "X11" and version "6.7" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.8.0 Search vendor "X.org" for product "X11" and version "6.8.0" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.8.1 Search vendor "X.org" for product "X11" and version "6.8.1" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.8.2 Search vendor "X.org" for product "X11" and version "6.8.2" | - |
Affected
| ||||||
| X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 6.9 Search vendor "X.org" for product "X11" and version "6.9" | - |
Affected
| ||||||