Vulnerability in X.org Libx11
CVE-2013-7439
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
EPSS: 0.021 (84.5th percentile) — read the EPSS interpretation.
Affected products
- X.org Libx11 — versions 1.0.1, 1.0.2, 1.0.3
- X.org X11 — versions 6.0, 6.1, 6.3
- Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
- Debian Debian_linux — versions 7.0
- N/a — versions n/a
Weakness classification (CWE)
References
- USN-2568-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- security@ubuntu.com (x_refsource_CONFIRM)
- 73962 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- DSA-3224 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- [oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro (mailing-list, x_refsource_MLIST, Third Party Advisory, VDB Entry)
- [xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
- security@ubuntu.com (x_refsource_CONFIRM, Issue Tracking)