SB2013052413 - Buffer overflow in libxv (Alpine package)
Published: May 24, 2013
Security Bulletin ID
SB2013052413
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2013-2066)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=37cf490be0ef9ff272a62336da9c67ed7b274498
- https://git.alpinelinux.org/aports/commit/?id=4b84d993c5872e6577785940b18f56b9b44b8c1a
- https://git.alpinelinux.org/aports/commit/?id=a04d1c8ff925273f3caf3a46393cf73ac2b96ab5
- https://git.alpinelinux.org/aports/commit/?id=b4533b004c2bbda030d78227ade9c89751562266