CVE-2013-1993 — Integer Overflow or Wraparound in Mesa

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow8 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

2.0%

top 16.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mesa3d Mesa

Timeline

PublishedJun 15

Latest updateMay 17

Description

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianmesa3d/mesa< 8.0.5-6+3

▶NVDmesa3d/mesa9.1.1+5

🔴Vulnerability Details

GHSA

GHSA-4j5x-8p5g-fw48: Multiple integer overflows in X↗2022-05-17

▶

CVEList

CVE-2013-1993: Multiple integer overflows in X↗2013-06-15

▶

OSV

CVE-2013-1993: Multiple integer overflows in X↗2013-06-15

▶

📋Vendor Advisories

Ubuntu

Mesa vulnerabilities↗2013-06-20

▶

Red Hat

Mesa: Multiple integer overflows leading to heap-based bufer overflows↗2013-05-23

▶

Debian

CVE-2013-1993: mesa - Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X ser...↗2013

▶

💬Community

Bugzilla

CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based bufer overflows↗2013-05-10

▶