CVE-2013-1984

MEDIUM

Description

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html

http://www.debian.org/security/2013/dsa-2683

http://www.openwall.com/lists/oss-security/2013/05/23/3

http://www.ubuntu.com/usn/USN-1859-1

http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

Details

Source: MITRE

Published: 2013-06-15

Updated: 2020-08-24

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
99930Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32)NessusMisc.
high
80822Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org1)NessusSolaris Local Security Checks
medium
79560Amazon Linux AMI : libX11 / libXcursor,libXfixes,libXi,libXrandr,libXrender,libXres,libXt,libXv,libXvMC,libXxf86dga,libXxf86vm,libdmx,xorg-x11-proto-devel (ALAS-2014-452)NessusAmazon Linux Local Security Checks
medium
79182CentOS 6 : libX11 / libXcursor / libXext / libXfixes / libXi / libXinerama / libXp / libXrandr / etc (CESA-2014:1436)NessusCentOS Local Security Checks
medium
78841Scientific Linux Security Update : X11 client libraries on SL6.x i386/x86_64 (20141014)NessusScientific Linux Local Security Checks
medium
78411RHEL 6 : X11 client libraries (RHSA-2014:1436)NessusRed Hat Local Security Checks
medium
75039openSUSE Security Update : libXi (openSUSE-SU-2013:1033-1)NessusSuSE Local Security Checks
medium
74028GLSA-201405-07 : X.Org X Server: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
69112SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 7944)NessusSuSE Local Security Checks
medium
67256SuSE 10 Security Update : xorg-x11 (ZYPP Patch Number 8623)NessusSuSE Local Security Checks
medium
67106SuSE 11.2 Security Update : xorg-x11-libs (SAT Patch Number 7846)NessusSuSE Local Security Checks
medium
66823Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libxi vulnerabilities (USN-1859-1)NessusUbuntu Local Security Checks
medium
66798FreeBSD : xorg -- protocol handling issues in X Window System client libraries (2eebebff-cd3b-11e2-8f09-001b38c3836c)NessusFreeBSD Local Security Checks
medium
66744Fedora 18 : libXi-1.6.2.901-1.fc18 (2013-9108)NessusFedora Local Security Checks
medium
66620Fedora 19 : libXi-1.7.1-4.20130524git661c45ca1.fc19 (2013-9046)NessusFedora Local Security Checks
medium
66567Debian DSA-2683-1 : libxi - several vulnerabilitiesNessusDebian Local Security Checks
medium