CVE-2013-2004: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libx11

Severity
6.8 MEDIUM (NVD)
EPSS
0.4%
top 39.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 15
Latest update: May 17

Description

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian: x.org/libx11 < 2:1.5.0-1+deb7u1 (+3)
NVD: x/libx11 1.5.99.901 (+1)

🔴 Vulnerability Details (3)

GHSA
GHSA-wmfq-hvmh-r97h: The (1) GetDatabase and (2) _XimParseStringFile functions in X (2022-05-17)
OSV
CVE-2013-2004: The (1) GetDatabase and (2) _XimParseStringFile functions in X (2013-06-15)
CVEList
CVE-2013-2004: The (1) GetDatabase and (2) _XimParseStringFile functions in X (2013-06-15)

📋 Vendor Advisories (4)

Ubuntu
libx11 vulnerabilities (2013-06-05)
Red Hat
libX11: unbounded recursion leading to stack-overflow (2013-05-23)
Red Hat
kvm: qemu-nbd block format auto-detection vulnerability (2013-04-15)
Debian
CVE-2013-2004: libx11 - The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99... (2013)

💬 Community (3)

Bugzilla
CVE-2013-1981 CVE-2013-2004 libX11 various flaws [fedora-all] (2013-05-23)
Bugzilla
CVE-2013-2004 libX11: unbounded recursion leading to stack-overflow (2013-05-03)
Bugzilla
CVE-2013-1922 qemu, qemu-kvm, kvm: qemu-nbd block format auto-detection vulnerability (2013-03-19)