Vulnerability Details CVE-2013-2064
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html
- http://www.debian.org/security/2013/dsa-2686
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/60148
- http://www.ubuntu.com/usn/USN-1855-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html
- http://www.debian.org/security/2013/dsa-2686
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/60148
- http://www.ubuntu.com/usn/USN-1855-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
Products affected by CVE-2013-2064
-
cpe:2.3:a:oracle:secure_global_desktop:4.71
-
cpe:2.3:a:oracle:secure_global_desktop:5.2
-
cpe:2.3:a:x:libxcb:1.1.90.1
-
cpe:2.3:a:x:libxcb:1.1.91
-
cpe:2.3:a:x:libxcb:1.1.92
-
cpe:2.3:a:x:libxcb:1.1.93
-
cpe:2.3:a:x:libxcb:1.2
-
cpe:2.3:a:x:libxcb:1.3
-
cpe:2.3:a:x:libxcb:1.4
-
cpe:2.3:a:x:libxcb:1.5
-
cpe:2.3:a:x:libxcb:1.6
-
cpe:2.3:a:x:libxcb:1.7
-
cpe:2.3:a:x:libxcb:1.8
-
cpe:2.3:a:x:libxcb:1.8.1
-
cpe:2.3:a:x:libxcb:1.9
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:fedoraproject:fedora:19
-
cpe:2.3:o:opensuse:opensuse:12.2
-
cpe:2.3:o:opensuse:opensuse:12.3