CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
84.7%
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
Vendor | Product | Version | CPE |
---|---|---|---|
x.org | libxi | * | cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:* |
x.org | libxi | 1.5.0 | cpe:2.3:a:x.org:libxi:1.5.0:*:*:*:*:*:*:* |
x.org | libxi | 1.5.99.2 | cpe:2.3:a:x.org:libxi:1.5.99.2:*:*:*:*:*:*:* |
x.org | libxi | 1.5.99.3 | cpe:2.3:a:x.org:libxi:1.5.99.3:*:*:*:*:*:*:* |
x.org | libxi | 1.6.0 | cpe:2.3:a:x.org:libxi:1.6.0:*:*:*:*:*:*:* |
x.org | libxi | 1.6.1 | cpe:2.3:a:x.org:libxi:1.6.1:*:*:*:*:*:*:* |
x.org | libxi | 1.6.2 | cpe:2.3:a:x.org:libxi:1.6.2:*:*:*:*:*:*:* |
x.org | libxi | 1.6.99.1 | cpe:2.3:a:x.org:libxi:1.6.99.1:*:*:*:*:*:*:* |
x.org | libxi | 1.7 | cpe:2.3:a:x.org:libxi:1.7:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
www.debian.org/security/2013/dsa-2683
www.openwall.com/lists/oss-security/2013/05/23/3
www.securityfocus.com/bid/60127
www.ubuntu.com/usn/USN-1859-1
www.x.org/wiki/Development/Security/Advisory-2013-05-23