CVE-2013-6424 — Integer Underflow (Wrap or Wraparound) in Pixman

CWE-191 — Integer Underflow (Wrap or Wraparound)CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

6.8%

top 8.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server Pixman Canonical Ubuntu Linux +2 more

Timeline

PublishedJan 18

Latest updateMay 13

Description

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDpixman/pixman< 0.31.2

▶Debianx.org/xorg-server< 2:1.14.2.901-1+3

▶NVDopensuse/opensuse12.2, 12.3, 13.1+2

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 12.04, 14.04, 14.10

Patches

Patch: lists.x.org ↗Patch: bugs.freedesktop.org ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-vp3j-rhgw-hr9f: Integer underflow in the xTrapezoidValid macro in render/picture↗2022-05-13

▶

OSV

xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities↗2015-02-17

▶

OSV

CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in render/picture↗2014-01-18

▶

CVEList

CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in render/picture↗2014-01-18

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2015-02-17

▶

Red Hat

xorg-x11-server: integer underflow when handling trapezoids↗2013-07-16

▶

Debian

CVE-2013-6424: xorg-server - Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allo...↗2013

▶

💬Community

Bugzilla

CVE-2013-6424 xorg-x11-server: integer underflow when handling trapezoids [fedora-all]↗2013-12-17

▶

Bugzilla

CVE-2013-6424 xorg-x11-server: integer underflow when handling trapezoids↗2013-12-04

▶