Published: 15/06/2013 Updated: 25/11/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and previous versions allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x libxxf86dga
x libxxf86dga 1.0.1
x libxxf86dga 1.1.2
x libxxf86dga 1.1.1
x libxxf86dga 1.1
x libxxf86dga 1.0.99.2
x libxxf86dga 1.0.99.1
x libxxf86dga 1.0.2

Several security issues were fixed in libxxf86dga ...

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system (CVE-2013-1981 ...

Multiple buffer overflows in Xorg libXxf86dga 113 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions ...

CWE-119 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.debian.org/security/2013/dsa-2690 http://www.ubuntu.com/usn/USN-1869-1 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html https://usn.ubuntu.com/1869-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-2000

CVE-2013-2000

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect