CVE-2013-6425Integer Underflow (Wrap or Wraparound) in Pixman

CWE-191Integer Underflow (Wrap or Wraparound)CWE-190Integer Overflow or Wraparound10 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
3.0%
top 13.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
PixmanCanonical Ubuntu LinuxDebian Linux+7 more
Timeline
PublishedJan 18
Latest updateMay 13

Description

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

NVDpixman/pixman< 0.32.0
Debianpixman/pixman< 0.30.2-2+3
NVDopensuse/opensuse4 versions+3

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 12.04, 12.10, 13.04, 13.10, Enterprise Linux 6.5

Patches

Patch: cgit.freedesktop.orgPatch: lists.freedesktop.orgPatch: bugs.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-pm7m-xq2w-2q3x: Integer underflow in the pixman_trapezoid_valid macro in pixman2022-05-13
OSV
CVE-2013-6425: Integer underflow in the pixman_trapezoid_valid macro in pixman2014-01-18
CVEList
CVE-2013-6425: Integer underflow in the pixman_trapezoid_valid macro in pixman2014-01-18

📋Vendor Advisories

2
Red Hat
pixman: integer underflow when handling trapezoids2013-07-16
Debian
CVE-2013-6425: pixman - Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman befo...2013

💬Community

4
Bugzilla
CVE-2013-6425 mingw-pixman: pixman: integer underflow when handling trapezoids [fedora-all]2013-12-17
Bugzilla
CVE-2013-6425 pixman: integer underflow when handling trapezoids [fedora-all]2013-12-17
Bugzilla
CVE-2013-6425 mingw32-pixman: pixman: integer underflow when handling trapezoids [epel-5]2013-12-17
Bugzilla
CVE-2013-6425 pixman: integer underflow when handling trapezoids2013-12-04
CVE-2013-6425 — Integer Underflow (Wrap or Wraparound) | cvebase