Published: 15/06/2013 Updated: 25/11/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in X.org libXxf86dga 1.1.3 and previous versions allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x libxxf86dga 1.0.2
x libxxf86dga 1.0.1
x libxxf86dga
x libxxf86dga 1.1.2
x libxxf86dga 1.1.1
x libxxf86dga 1.1
x libxxf86dga 1.0.99.2
x libxxf86dga 1.0.99.1

Several security issues were fixed in libxxf86dga ...

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system (CVE-2013-1981 ...

Multiple integer overflows in Xorg libXxf86dga 113 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions ...

CWE-189 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.debian.org/security/2013/dsa-2690 http://www.ubuntu.com/usn/USN-1869-1 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html https://usn.ubuntu.com/1869-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-1991

CVE-2013-1991

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect