Skip to main content

Libx11 CVE-2013-1997

MEDIUM
Buffer Overflow (CWE-119)
2013-06-15 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Jun 15, 2013 - 20:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

AnalysisAI

Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. Affected products include: X Libx11.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Libx11

View all
CVE-2021-31535 CRITICAL POC
9.8 May 27

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. R

CVE-2020-14363 HIGH POC
7.8 Sep 11

An integer overflow vulnerability leading to a double-free was found in libX11. Rated high severity (CVSS 7.8), this vul

CVE-2016-7942 CRITICAL
9.8 Dec 13

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involvin

CVE-2016-7943 CRITICAL
9.8 Dec 13

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involvi

CVE-2018-14600 CRITICAL
9.8 Aug 24

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2018-14599 CRITICAL
9.8 Aug 24

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2013-7439 HIGH
7.5 Apr 16

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11

CVE-2023-43787 HIGH
7.8 Oct 10

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. Rated high severity (

CVE-2023-3138 HIGH
7.5 Jun 28

A vulnerability was found in libX11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no auth

CVE-2018-14598 HIGH
7.5 Aug 24

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. Rated high severity (CVSS 7.5), this vu

CVE-2013-1981 MEDIUM
6.8 Jun 15

Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of ins

CVE-2013-2004 MEDIUM
6.8 Jun 15

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restri

Share

CVE-2013-1997 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy