Vulnerability in Mesa3d Mesa
CVE-2013-1993
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName…
EPSS: 0.020 (84.0th percentile) — read the EPSS interpretation.
Affected products
- Mesa3d Mesa — versions 9.0, 9.0.1, 9.0.2
- X Libglx
- N/a — versions n/a
Weakness classification (CWE)
References
- [Mesa-dev] 20130523 [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2] (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- DSA-2678 (vendor-advisory, x_refsource_DEBIAN)
- openSUSE-SU-2013:0865 (vendor-advisory, x_refsource_SUSE)
- USN-1888-1 (x_refsource_UBUNTU, vendor-advisory)
- MDVSA-2013:181 (vendor-advisory, x_refsource_MANDRIVA)
- RHSA-2013:0898 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0897 (x_refsource_REDHAT, vendor-advisory)
- [Mesa-dev] 20130523 [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2] (mailing-list, x_refsource_MLIST)
- [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries (mailing-list, x_refsource_MLIST)