CVE-2013-7439
published 2015-04-16
CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to…
Priority P341 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 4.28% (89.9th percentile)
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Affected
52 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libx11 | < libx11 2:1.6.0-1 (bookworm) | libx11 2:1.6.0-1 (bookworm) |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
CVSS provenance
nvd v2.0 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
osv 7.5 HIGH
vendor_debian 7.5 HIGH
vendor_redhat 7.5 HIGH
Ubuntu
libx11, libxrender vulnerability
vendor_ubuntu·2015-04-13
CVE-2013-7439 libx11, libxrender vulnerability
Title: libx11, libxrender vulnerability
Summary: libx11 could be made to crash or run programs if it processed specially
crafted data.
Abhishek Arya discovered that libX11 incorrectly handled memory in the
MakeBigReq macro. A remote attacker could use this issue to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.
In addition, following the macro fix in libx11, a number of other packages
have also been rebuilt as security updates including libxrender, libxext,
libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and
xserver-xorg-video-vmware.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
libX11: buffer overflow in MakeBigReq macro
vendor_redhat·2013-03-09·CVSS 7.5
CVE-2013-7439 [HIGH] CWE-119 libX11: buffer overflow in MakeBigReq macro
Statement: This issue does not affect the version of libX11 package as shipped with Red Hat Enterprise Linux 7.
This issue was fixed in Red Hat Enterprise Linux 6 via the following security advisory:
https://rhn.redhat.com/errata/RHSA-2014-1436.html
This issue affects the version of libX11 package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in futur
Debian
CVE-2013-7439: libx11 - Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in inc...
vendor_debian·2013·CVSS 7.5
CVE-2013-7439 [HIGH] CVE-2013-7439: libx11 - Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in inc...
Scope: local
bookworm: resolved (fixed in 2:1.6.0-1)
bullseye: resolved (fixed in 2:1.6.0-1)
forky: resolved (fixed in 2:1.6.0-1)
sid: resolved (fixed in 2:1.6.0-1)
trixie: resolved (fixed in 2:1.6.0-1)
GHSA
GHSA-rq5m-5v65-q84q: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint
ghsa_unreviewed·2022-05-17
CVE-2013-7439 [HIGH] GHSA-rq5m-5v65-q84q: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint
OSV
CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint
osv·2015-04-16·CVSS 7.5
CVE-2013-7439 [HIGH] CVE-2013-7439: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint
No detection rules found.
No public exploits indexed.
http://lists.x.org/archives/xorg-announce/2015-April/002561.html
http://seclists.org/oss-sec/2015/q2/81
http://www.debian.org/security/2015/dsa-3224
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/73962
http://www.ubuntu.com/usn/USN-2568-1
https://bugs.freedesktop.org/show_bug.cgi?id=56508