CVE-2013-2064

Severity

68%

Complexity

86%

Confidentiality

106%

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-06-15 19:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Debian GNU/Linux 6.0

6.0

Debian Linux 7.0

7.0

Oracle Secure Global Desktop 4.71

4.71

Oracle Secure Global Desktop 5.2

5.2

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 12.10

12.10

Canonical Ubuntu Linux 13.04

13.04

OpenSUSE 12.2

12.2

OpenSUSE 12.3

12.3

Fedora 19

19

X.Org libxcb 1.1.90.1

1.1.90.1

X.Org libxcb 1.1.91

1.1.91

X.Org libxcb 1.1.92

1.1.92

X.Org libxcb 1.1.93

1.1.93

X.Org libxcb 1.2

1.2

X.Org libxcb 1.3

1.3

X.Org libxcb 1.4

1.4

X.Org libxcb 1.5

1.5

X.Org libxcb 1.6

1.6

X.Org libxcb 1.7

1.7

X.Org libxcb 1.8

1.8

X.Org libxcb 1.8,1

1.8.1

References

[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Vendor Advisory

60148

USN-1855-1