CVE-2013-1981: Integer Overflow or Wraparound in libX11

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.9% (top 24.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 15; latest update May 17

Description

Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian: x.org/libx11 < 2:1.5.0-1+deb7u1 +3
NVD: x/libx11 1.5.99.901 +1

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04

🔴 Vulnerability Details (3)

GHSA: GHSA-h27q-wm75-844h: Multiple integer overflows in X (2022-05-17)
CVEList: CVE-2013-1981: Multiple integer overflows in X (2013-06-15)
OSV: CVE-2013-1981: Multiple integer overflows in X (2013-06-15)

📋 Vendor Advisories (3)

Ubuntu: libx11 vulnerabilities (2013-06-05)
Red Hat: libX11: Multiple integer overflows leading to heap-based buffer-overflows (2013-05-23)
Debian: CVE-2013-1981: libx11 - Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allo... (2013)

💬 Community (2)

Bugzilla: CVE-2013-1981 CVE-2013-2004 libX11 various flaws [fedora-all] (2013-05-23)
Bugzilla: CVE-2013-1981 libX11: Multiple integer overflows leading to heap-based buffer-overflows (2013-05-03)