CVE-2013-1591
published 2013-01-31
Priority P338 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.63% (88.1th percentile)
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pixman | < pixman 0.26.0-4 (bookworm) | pixman 0.26.0-4 (bookworm) |
| palemoon | pale_moon | < 15.4 | 15.4 |
| pixman | pixman | >= 0 < 0.26.0-4 | 0.26.0-4 |
| pixman | pixman | >= 0 < 0.26.0-4 | 0.26.0-4 |
| pixman | pixman | >= 0 < 0.26.0-4 | 0.26.0-4 |
| pixman | pixman | >= 0 < 0.26.0-4 | 0.26.0-4 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_virtualization | — | — |
CVSS provenance
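| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |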
GHSA
GHSA-7rw2-cfj2-g8vr: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15
ghsa_unreviewed·2022-05-14
CVE-2013-1591 [HIGH] CWE-190
OSV
CVE-2013-1591: Stack-based buffer overflow in libpixman, as used in Pale Moon before 15
osv·2013-01-31·CVSS 9.8
CVE-2013-1591 [CRITICAL]
Debian
CVE-2013-1591: pixman - Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and p...
vendor_debian·2013·CVSS 9.8
CVE-2013-1591 [CRITICAL]
Scope: local
bookworm: resolved (fixed in 0.26.0-4)
bullseye: resolved (fixed in 0.26.0-4)
forky: resolved (fixed in 0.26.0-4)
sid: resolved (fixed in 0.26.0-4)
trixie: resolved (fixed in 0.26.0-4)
Red Hat
pixman: stack-based buffer overflow
vendor_redhat·2012-09-15·CVSS 9.8
CVE-2013-1591 [CRITICAL] CWE-121
Statement: This issue did not affect the versions of pixman as shipped with Red Hat Enterprise Linux 5 as it did not contain the vulnerable code.
Package: pixman (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1591 pixman: stack-based buffer overflow [fedora-all]
bugzilla·2013-02-11·CVSS 9.8
CVE-2013-1591 [CRITICAL]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple s
Bugzilla
CVE-2013-1591 pixman: stack-based buffer overflow
bugzilla·2013-02-11·CVSS 9.8
CVE-2013-1591 [CRITICAL]
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4, has unspecified impact and attack vectors.
The upstream commit to correct this flaw:
http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f
The affected code (pixman/pixman-inlines.h, fast_composite_scaled_bilinear()) is present in the version of pixman shipped with Fedora 17 (0.24.4), but is not present in Red Hat Enterprise Linux 5 or 6 (the fast_composite_scaled_bilinear() function is in pixman/pixman-fast-path.h, but the vulnerable code is not there and I don't detect anything comparable). So it's likely that the vulnerable code was introduced after 0.22.0.
Discussion:
Created pixman tracking bugs for this issue
Affects: fe
CWE
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
mitre_cwe
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Amplification. An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software's operation may slow down, or it may take a long time to respond.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typi
CWE
CWE-1325: Improperly Controlled Sequential Memory Allocation
mitre_cwe
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.
While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (Memory). Not controlling memory allocation can result i
CWE
CWE-190: Integer Overflow or Wraparound
mitre_cwe
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Modes of Introduction:
Phase: Implementation
Note: This weakness may become security critical when determining the offset or size in behaviors such as memory allocation, copying, and concatenation.
Common Consequences:
Scope: Availability. Impact: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Memory), DoS: Instability. This weakness can generally lead to undefined behav
http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f
http://rhn.redhat.com/errata/RHSA-2013-0687.html
http://rhn.redhat.com/errata/RHSA-2013-0746.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:116
http://www.palemoon.org/releasenotes-ng.shtml
https://bugzilla.redhat.com/show_bug.cgi?id=910149
https://support.f5.com/csp/article/K51392553
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077
Published: 2013-01-31