SB2013052402 - Input validation error in libxi (Alpine package)
Published: May 24, 2013
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2013-1984)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
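The bug class described above, shown as an added illustration that is not libXi's code: a client sizes a buffer from a count field in a server reply. The record layout, the 8-byte wire item, the 32-bit size arithmetic and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical in-memory record built for each item in a reply (32 bytes). */
struct item { uint32_t id; uint32_t type; uint8_t pad[24]; };
#define WIRE_ITEM_LEN 8u   /* constructed wire format: id + type, little-endian */

/* Weak pattern: the peer-supplied count is multiplied in 32-bit arithmetic,
 * so a large count wraps around to a small allocation size. */
uint32_t alloc_size_unchecked(uint32_t count) {
    return count * (uint32_t)sizeof(struct item);
}

/* Hardened pattern: reject a count whose product would overflow, or that
 * claims more items than the received payload can hold.
 * Returns 0 and stores the size in *out, or -1 on rejection. */
int alloc_size_checked(uint32_t count, size_t payload_len, uint32_t *out) {
    if (count > UINT32_MAX / sizeof(struct item)) return -1;
    if (count > payload_len / WIRE_ITEM_LEN) return -1;
    *out = count * (uint32_t)sizeof(struct item);
    return 0;
}

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a constructed reply: 4-byte count, then count wire items.
 * Returns a calloc'd array (caller frees) or NULL if the reply is rejected. */
struct item *parse_reply(const uint8_t *buf, size_t len, uint32_t *n_out) {
    uint32_t count, size;
    struct item *items;
    if (len < 4) return NULL;
    count = rd32(buf);
    if (count == 0 || alloc_size_checked(count, len - 4, &size) != 0) return NULL;
    items = calloc(1, size);
    if (items == NULL) return NULL;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *w = buf + 4 + (size_t)i * WIRE_ITEM_LEN;
        items[i].id = rd32(w);
        items[i].type = rd32(w + 4);
    }
    *n_out = count;
    return items;
}
```

With the unchecked helper, a count of 0x08000001 yields a 32-byte allocation for what the fill loop treats as over 134 million records; the checked helper rejects that reply before any memory is allocated.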
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=daf9b293c5e40e9edb1b89794e235f3dcbfe9917
- https://git.alpinelinux.org/aports/commit/?id=15b6a406ae860e56be980661f32ac330a814158d
- https://git.alpinelinux.org/aports/commit/?id=04adcbb8d0e9999441ed2b2167b3dda47a0372c4
- https://git.alpinelinux.org/aports/commit/?id=12ae6c6dff5d79147ae77b188fcdc11f28fc3cee