CVE-2013-7439

2015-04-0900:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.1%

JSON

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros
in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote
attackers to have unspecified impact via a crafted request, which triggers
a buffer overflow.

Bugs

Notes

Author	Note
mdeslaur	all build dependencies that use the MakeBigReq macro, or that use the SetReqLen macro need to be rebuilt

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibx11< 2:1.4.99.1-0ubuntu2.3UNKNOWN
ubuntu12.04noarchlibxrender< 1:0.9.6-2ubuntu0.2UNKNOWN
ubuntu14.04noarchlibxrender< 1:0.9.8-1build0.14.04.1UNKNOWN
ubuntu14.10noarchlibxrender< 1:0.9.8-1build0.14.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	libx11	< 2:1.4.99.1-0ubuntu2.3	UNKNOWN
ubuntu	12.04	noarch	libxrender	< 1:0.9.6-2ubuntu0.2	UNKNOWN
ubuntu	14.04	noarch	libxrender	< 1:0.9.8-1build0.14.04.1	UNKNOWN
ubuntu	14.10	noarch	libxrender	< 1:0.9.8-1build0.14.10.1	UNKNOWN