Vulnerability Details CVE-2013-1984
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
- http://www.debian.org/security/2013/dsa-2683
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.ubuntu.com/usn/USN-1859-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
- http://www.debian.org/security/2013/dsa-2683
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.ubuntu.com/usn/USN-1859-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
Products affected by CVE-2013-1984
-
cpe:2.3:a:x.org:libxi:1.5.0
-
cpe:2.3:a:x.org:libxi:1.5.99.2
-
cpe:2.3:a:x.org:libxi:1.5.99.3
-
cpe:2.3:a:x.org:libxi:1.6.0
-
cpe:2.3:a:x.org:libxi:1.6.1
-
cpe:2.3:a:x.org:libxi:1.6.2
-
cpe:2.3:a:x.org:libxi:1.6.99.1
-
cpe:2.3:a:x.org:libxi:1.7
-
cpe:2.3:a:x.org:libxi:1.7.1