CVE-2013-7439: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libx11

Severity
7.5 HIGH (NVD)
EPSS
1.9%
top 16.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 16
Latest update: May 17

Description

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

Debian: x.org/libx11 < 2:1.6.0-1 (+3)
NVD: x.org/libx11, 32 versions (+31)
NVD: x.org/x11, 11 versions (+10)

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 14.10

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-rq5m-5v65-q84q: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint (2022-05-17)
CVEList
CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint (2015-04-16)
OSV
CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint (2015-04-16)

📋 Vendor Advisories (3)

Ubuntu
libx11, libxrender vulnerability (2015-04-13)
Red Hat
libX11: buffer overflow in MakeBigReq macro (2013-03-09)
Debian
CVE-2013-7439: libx11 - Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in inc... (2013)

💬 Community (1)

Bugzilla
CVE-2013-7439 libX11: buffer overflow in MakeBigReq macro (2015-04-08)