CVE-2013-2001 : Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly

Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.

Published 2013-06-15 20:55:01

Updated 2013-11-25 04:32:36

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-2001

Probability of exploitation activity in the next 30 days: 1.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-2001

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-2001

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2001

http://www.ubuntu.com/usn/USN-1870-1

USN-1870-1: libxxf86vm vulnerability | Ubuntu security notices
http://lists.opensuse.org/opensuse-updates/2013-06/msg00165.html

openSUSE-SU-2013:1041-1: moderate: update for libXxf86vm
http://www.debian.org/security/2013/dsa-2692

Debian -- Security Information -- DSA-2692-1 libxxf86vm
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106872.html

[SECURITY] Fedora 19 Update: libXxf86vm-1.1.2-5.20130524git4c4123441.fc19
http://www.openwall.com/lists/oss-security/2013/05/23/3

oss-security - Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

CVEs referencing this url
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

X.Org Security Advisory: May 23, 2013
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-2001

X » Libxxf86vm
Versions up to, including, (<=) 1.1.2
cpe:2.3:a:x:libxxf86vm:*:*:*:*:*:*:*:*
Matching versions
X » Libxxf86vm » Version: 1.1.1
cpe:2.3:a:x:libxxf86vm:1.1.1:*:*:*:*:*:*:*
Matching versions
X » Libxxf86vm » Version: 1.1.0
cpe:2.3:a:x:libxxf86vm:1.1.0:*:*:*:*:*:*:*
Matching versions
X » Libxxf86vm » Version: 1.0.99.1
cpe:2.3:a:x:libxxf86vm:1.0.99.1:*:*:*:*:*:*:*
Matching versions
X » Libxxf86vm » Version: 1.0.2
cpe:2.3:a:x:libxxf86vm:1.0.2:*:*:*:*:*:*:*
Matching versions
X » Libxxf86vm » Version: 1.0.1
cpe:2.3:a:x:libxxf86vm:1.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-2001

Exploit prediction scoring system (EPSS) score for CVE-2013-2001

CVSS scores for CVE-2013-2001

CWE ids for CVE-2013-2001

References for CVE-2013-2001

Products affected by CVE-2013-2001