CVE-2013-1997
published 2013-06-15CVE-2013-1997: Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary…
PriorityP433medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.11%
79.5th percentile
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libx11 | < libx11 2:1.5.0-1+deb7u1 (bookworm) | libx11 2:1.5.0-1+deb7u1 (bookworm) |
| x.org | libx11 | >= 0 < 2:1.5.0-1+deb7u1 | 2:1.5.0-1+deb7u1 |
| x.org | libx11 | >= 0 < 2:1.5.0-1+deb7u1 | 2:1.5.0-1+deb7u1 |
| x.org | libx11 | >= 0 < 2:1.5.0-1+deb7u1 | 2:1.5.0-1+deb7u1 |
| x.org | libx11 | >= 0 < 2:1.5.0-1+deb7u1 | 2:1.5.0-1+deb7u1 |
| x | libx11 | <= 1.5.99.901 | — |
| x | libx11 | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x42r-v45p-29g6: Multiple buffer overflows in X
ghsa_unreviewed·2022-05-17
CVE-2013-1997 [MEDIUM] CWE-119 GHSA-x42r-v45p-29g6: Multiple buffer overflows in X
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
OSV
CVE-2013-1997: Multiple buffer overflows in X
osv·2013-06-15·CVSS 6.8
CVE-2013-1997 [MEDIUM] CVE-2013-1997: Multiple buffer overflows in X
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
Ubuntu
libx11 vulnerabilities
vendor_ubuntu·2013-06-05
CVE-2013-1981 libx11 vulnerabilities
Title: libx11 vulnerabilities
Summary: Several security issues were fixed in libx11.
Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Instructions: After a standard system update you need to restart your session to make all
the necessary changes.
Red Hat
libX11: Multiple Array Index error leading to heap-based OOB write
vendor_redhat·2013-05-23·CVSS 6.8
CVE-2013-1997 [MEDIUM] CWE-129 libX11: Multiple Array Index error leading to heap-based OOB write
libX11: Multiple Array Index error leading to heap-based OOB write
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
Statement: This issue affects the libX11 package in Red Hat Enterprise Linux 5. Red Hat Product Security has rat
Debian
CVE-2013-1997: libx11 - Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow...
vendor_debian·2013·CVSS 6.8
CVE-2013-1997 [MEDIUM] CVE-2013-1997: libx11 - Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow...
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
Scope: local
bookworm: resolved (fixed in 2:1.5.0-1+deb7u1)
bullseye: resolved (fixed in 2:1.5.0-1+deb7u1)
forky: resolved (fixed in 2:1.5.0-1+deb7u1)
sid: resolved (fixed in 2:1.5.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1981 CVE-2013-2004 libX11 various flaws [fedora-all]
bugzilla·2013-05-23·CVSS 6.8
CVE-2013-1981 [MEDIUM] CVE-2013-1981 CVE-2013-2004 libX11 various flaws [fedora-all]
CVE-2013-1981 CVE-2013-2004 libX11 various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple su
Bugzilla
CVE-2013-1997 libX11: Multiple Array Index error leading to heap-based OOB write
bugzilla·2013-05-07·CVSS 6.8
CVE-2013-1997 [MEDIUM] CVE-2013-1997 libX11: Multiple Array Index error leading to heap-based OOB write
CVE-2013-1997 libX11: Multiple Array Index error leading to heap-based OOB write
Multiple Array index errors leading to heap-based buffer OOB write flaws were found in the libX11, Core X11 protocol client library. When a X client is connected to a malcicious X server , (modified to return invalid values), it can cause arbirary code execution with the privileges of the user running the X client.
Affected functions: XAllocColorCells(), _XkbReadGetDeviceInfoReply(),
_XkbReadGeomShapes(), _XkbReadGetGeometryReply(), _XkbReadKeySyms(),
_XkbReadKeyActions(), _XkbReadKeyBehaviors(), _XkbReadModifierMap(),
_XkbReadExplicitComponents(), _XkbReadVirtualModMap(),
_XkbReadGetNamesReply(), _XkbReadGetMapReply(), _XimXGetReadData(),
XListFonts(), XListExtensions()
Discussion:
Public via:
http://www.
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.htmlhttp://www.debian.org/security/2013/dsa-2693http://www.openwall.com/lists/oss-security/2013/05/23/3http://www.ubuntu.com/usn/USN-1854-1http://www.x.org/wiki/Development/Security/Advisory-2013-05-23http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.htmlhttp://www.debian.org/security/2013/dsa-2693http://www.openwall.com/lists/oss-security/2013/05/23/3http://www.ubuntu.com/usn/USN-1854-1http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
2013-06-15
Published