Published: 15/06/2013 Updated: 12/09/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in X.org libXp 1.0.1 and previous versions allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x libxp 1.0.0
x libxp

Several security issues were fixed in libxp ...

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system (CVE-2013-1981 ...

Multiple integer overflows in Xorg libXp 101 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions ...

CWE-189 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.ubuntu.com/usn/USN-1861-1 http://www.debian.org/security/2013/dsa-2685 http://lists.opensuse.org/opensuse-updates/2013-06/msg00170.html https://usn.ubuntu.com/1861-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-2062

CVE-2013-2062

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect