Main Vulnerability Database SB2013052419

SB2013052419 - Input validation error in libxcursor (Alpine package)

Published: May 24, 2013

Security Bulletin ID SB2013052419

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2013-2003)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=b870177a48d0e336e6c2a4dc857d0880a1fd337e
https://git.alpinelinux.org/aports/commit/?id=12fb9608ca0d7e1478f57863518a56e57fc759bc
https://git.alpinelinux.org/aports/commit/?id=2fb051ed15fb064a198e469862c3fcdee76d241f
https://git.alpinelinux.org/aports/commit/?id=cb0cd770ba3f64b0c0804962bc03dda167a4c207