Vulnerability in Oracle Secure_global_desktop
CVE-2013-2064
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.
Affected products
- Oracle Secure_global_desktop — versions 4.71, 5.2
- X Libxcb — versions 1.1.90.1, 1.1.91, 1.1.92
- Canonical Ubuntu_linux — versions 10.04, 12.04, 12.10
- Debian Debian_linux — versions 6.0, 7.0
- Fedoraproject Fedora — versions 19
- Opensuse — versions 12.2, 12.3
- N/a — versions n/a
Weakness classification (CWE)
References
- DSA-2686 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- FEDORA-2013-9070 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- openSUSE-SU-2013:1007 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- USN-1855-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- 60148 (vdb-entry, x_refsource_BID)
- [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries (mailing-list, x_refsource_MLIST, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)