Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

fix tests on big endians CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Added     pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.pa     tch for bnc#853824. Fixes an integer underflow bug which     can cause a crash.

Fix CVE-2013-6425 (RHBZ #1043744)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)

The remote host is affected by the vulnerability described in GLSA-201402-03 (Pixman: User-assisted execution of arbitrary code)

    The trapezoid handling code in Pixman contains an integer underflow       vulnerability.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted file using an application linked against Pixman, possibly       resulting in  execution of arbitrary code with the privileges of the       process, or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update fixes the following security issue with pixman :

  - Integer underflow when handling trapezoids. (bnc#853824,     CVE-2013-6425)

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)

All applications using pixman must be restarted for this update to take effect.

Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

From Red Hat Security Advisory 2013:1869 :

Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

Updated pixman package fixes security vulnerability :

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash (CVE-2013-6425).

Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.

ID	Name	Product	Family	Severity
77441	Fedora 19 : pixman-0.30.0-5.fc19 (2014-9399)	Nessus	Fedora Local Security Checks	medium
77227	Fedora 20 : pixman-0.30.0-5.fc20 (2014-9359)	Nessus	Fedora Local Security Checks	medium
77070	Fedora 20 : pixman-0.30.0-4.fc20 (2014-9063)	Nessus	Fedora Local Security Checks	medium
75406	openSUSE Security Update : pixman (openSUSE-SU-2014:0014-1)	Nessus	SuSE Local Security Checks	medium
75400	openSUSE Security Update : pixman (openSUSE-SU-2014:0007-1)	Nessus	SuSE Local Security Checks	medium
75396	openSUSE Security Update : pixman (openSUSE-SU-2014:0011-1)	Nessus	SuSE Local Security Checks	medium
74393	Fedora 19 : mingw-pixman-0.30.0-4.fc19 (2014-6829)	Nessus	Fedora Local Security Checks	medium
74391	Fedora 20 : mingw-pixman-0.30.0-5.fc20 (2014-6825)	Nessus	Fedora Local Security Checks	medium
72290	Amazon Linux AMI : pixman (ALAS-2014-272)	Nessus	Amazon Linux Local Security Checks	medium
72256	GLSA-201402-03 : Pixman: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	medium
71835	SuSE 11.2 Security Update : pixman (SAT Patch Number 8701)	Nessus	SuSE Local Security Checks	medium
71834	SuSE 11.3 Security Update : pixman (SAT Patch Number 8697)	Nessus	SuSE Local Security Checks	medium
71630	Scientific Linux Security Update : pixman on SL5.x, SL6.x i386/x86_64 (20131220)	Nessus	Scientific Linux Local Security Checks	medium
71613	RHEL 5 / 6 : pixman (RHSA-2013:1869)	Nessus	Red Hat Local Security Checks	medium
71611	Oracle Linux 6 : pixman (ELSA-2013-1869)	Nessus	Oracle Linux Local Security Checks	medium
71609	Mandriva Linux Security Advisory : pixman (MDVSA-2013:302)	Nessus	Mandriva Local Security Checks	medium
71584	CentOS 5 / 6 : pixman (CESA-2013:1869)	Nessus	CentOS Local Security Checks	medium
71528	Debian DSA-2823-1 : pixman - integer underflow	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2013-6425

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium