CVE-2013-1872 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mesa

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

6.8MEDIUMNVD

CNA10.0OSV10.0

EPSS

1.1%

top 21.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mesa3d Mesa Canonical Ubuntu Linux Opensuse +1 more

Timeline

PublishedAug 19

Latest updateMay 14

Description

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianmesa3d/mesa< 8.0.5-7+3

▶NVDmesa3d/mesa10 versions+9

▶NVDopensuse/opensuse12.2, 12.3+1

Also affects: Ubuntu Linux 12.04, 12.10, 13.04, Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-847q-55hx-98vj: The Intel drivers in Mesa 8↗2022-05-14

▶

CVEList

CVE-2013-1872: The Intel drivers in Mesa 8↗2013-08-19

▶

OSV

CVE-2013-1872: The Intel drivers in Mesa 8↗2013-08-19

▶

📋Vendor Advisories

Ubuntu

Mesa vulnerabilities↗2013-06-20

▶

Red Hat

Mesa: Memory corruption (OOB read/write) on intel drivers↗2013-05-29

▶

Debian

CVE-2013-1872: mesa - The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to c...↗2013

▶

💬Community

Bugzilla

CVE-2013-1872 Mesa: Memory corruption (OOB read/write) on intel drivers [fedora-all]↗2013-06-03

▶

Bugzilla

CVE-2013-1872 Mesa: Memory corruption (OOB read/write) on intel drivers↗2013-03-20

▶