SB2013052418 - Input validation error in libxext (Alpine package)
Published: May 24, 2013
Security Bulletin ID
SB2013052418
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-1982)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=25d30f9478810a90f9cb37d2e07f8852701d2c27
- https://git.alpinelinux.org/aports/commit/?id=7731c3ef165599add503215adc3de7896345772e
- https://git.alpinelinux.org/aports/commit/?id=7a81be8a2261e9f9a3a29be46d019ba5acbf819f
- https://git.alpinelinux.org/aports/commit/?id=adf915bf8b5c4ff1c07648f42cee8ab4d804dede