CVE-2013-2003: Integer Overflow or Wraparound in Libxcursor

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.9% (top 24.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 15
Latest update: May 17

Description

Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: x/libxcursor 1.1.13 +7

🔴 Vulnerability Details (3)

GHSA
GHSA-m53r-v9v7-fx9r: Integer overflow in X (2022-05-17)
OSV
CVE-2013-2003: Integer overflow in X (2013-06-15)
CVEList
CVE-2013-2003: Integer overflow in X (2013-06-15)

💥 Exploits & PoCs (26)

Exploit-DB
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit) (2017-09-14)
Exploit-DB
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit) (2017-09-13)
Exploit-DB
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit) (2017-09-13)
Exploit-DB
Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free (2015-09-16)
Exploit-DB
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002) (2015-08-07)

📋 Vendor Advisories (4)

Juniper
CVE-2013-4690: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX (2013-07-11)
Ubuntu
libxcursor vulnerability (2013-06-05)
Red Hat
libXcursor: Integer overflow leading to heap-based buffer overflow (2013-05-23)
Debian
CVE-2013-2003: libxcursor - Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trig... (2013)

🕵️ Threat Intelligence (2)

Talos
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability (2014-01-14)
Talos
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability (2014-01-14)

💬 Community (2)

Bugzilla
CVE-2013-2003 libXcursor: Integer overflow leading to heap-based buffer overflow [fedora-all] (2013-05-24)
Bugzilla
CVE-2013-2003 libXcursor: Integer overflow leading to heap-based buffer overflow (2013-05-03)