SB2013052409 - Buffer overflow in libxxf86vm (Alpine package)
Published: May 24, 2013
Description
This security bulletin contains information about 1 vulnerability.
1) Buffer overflow (CVE-ID: CVE-2013-2001)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=96ea7ed36226ab6d8c614f1136d6d6547c1cc123
- https://git.alpinelinux.org/aports/commit/?id=a632a13327ab882c590bbae004b3be338edc14cf
- https://git.alpinelinux.org/aports/commit/?id=cc8d5025d34be80ac5784072d6a9f05d926b818e
- https://git.alpinelinux.org/aports/commit/?id=fc76f7f8573bd5923b5d901c536dc7adf16e4060