CVE-2013-1997: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libx11

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.7% (top 27.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 15
Latest update: May 17

Description

Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (1

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian: x.org/libx11 < 2:1.5.0-1+deb7u1 +3
NVD: x/libx11 1.5.99.901 +1

🔴 Vulnerability Details (3)

GHSA: GHSA-x42r-v45p-29g6: Multiple buffer overflows in X (2022-05-17)
OSV: CVE-2013-1997: Multiple buffer overflows in X (2013-06-15)
CVEList: CVE-2013-1997: Multiple buffer overflows in X (2013-06-15)

📋 Vendor Advisories (3)

Ubuntu: libx11 vulnerabilities (2013-06-05)
Red Hat: libX11: Multiple Array Index error leading to heap-based OOB write (2013-05-23)
Debian: CVE-2013-1997: libx11 - Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow... (2013)

💬 Community (1)

Bugzilla: CVE-2013-1997 libX11: Multiple Array Index error leading to heap-based OOB write (2013-05-07)
CVE-2013-1997 — X Libx11 vulnerability | cvebase