CVE-2013-1591 — Integer Overflow or Wraparound in Pale Moon

CWE-190 — Integer Overflow or Wraparound CWE-121 — Stack-based Buffer Overflow8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

1.4%

top 19.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pixman Palemoon Pale Moon Redhat Enterprise Linux +1 more

Timeline

PublishedJan 31

Latest updateMay 14

Description

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDpalemoon/pale_moon< 15.4

▶Debianpixman/pixman< 0.26.0-4+3

▶NVDredhat/enterprise_virtualization3.0

Also affects: Enterprise Linux 6.0

Patches

Patch: cgit.freedesktop.org ↗Patch: bugzilla.redhat.com ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-7rw2-cfj2-g8vr: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15↗2022-05-14

▶

OSV

CVE-2013-1591: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15↗2013-01-31

▶

CVEList

CVE-2013-1591: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15↗2013-01-31

▶

📋Vendor Advisories

Debian

CVE-2013-1591: pixman - Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and p...↗2013

▶

Red Hat

pixman: stack-based buffer overflow↗2012-09-15

▶

💬Community

Bugzilla

CVE-2013-1591 pixman: stack-based buffer overflow [fedora-all]↗2013-02-11

▶

Bugzilla

CVE-2013-1591 pixman: stack-based buffer overflow↗2013-02-11

▶