Vulnerability CVE-2013-2000 - Russian Vulnerability Scanner Database

Description

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.

Tags · CWE

CWE-119

CWE-129

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-14

CAPEC-24

CAPEC-42

CAPEC-44

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-100

CAPEC-123

Affected products

Libx11LibxcursorLibxextLibxfixesLibxiLibxineramaLibxpLibxrandrLibxrenderLibxresLibxtLibxtstLibxvLibxvmcLibxxf86dgaLibxxf86vmLibdmxLibxcbLibxxf86dgaXcb-proto

CVSS vector

AV:A/AC:H/Au:N/C:P/I:P/A:P

Timeline

2013-01-01

Published

2013-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: A

Adjacent Network (A)

Attack Complexity

AC: H

High (H)

Authentication

Au: N

None (N)

Confidentiality Impact

C: P

Partial

Integrity Impact

I: P

Partial

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.007 · p72

Known exploited (KEV)

No

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
libX11		Tracked
libXcursor		Tracked
libXext		Tracked
libXfixes		Tracked
libXi		Tracked
libXinerama		Tracked
libXp		Tracked
libXrandr		Tracked
libXrender		Tracked
libXres		Tracked
libXt		Tracked
libXtst		Tracked
libXv		Tracked
libXvMC		Tracked
libXxf86dga		Tracked
libXxf86vm		Tracked
libdmx		Tracked
libxcb		Tracked
libxxf86dga		Tracked
xcb-proto		Tracked

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute …