Buffer overflow in libx11

#VU33314 Buffer overflow in libx11

Published: 2013-06-15 | Updated: 2020-08-03

Vulnerability identifier: #VU33314

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-2004

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libx11
Other software / Other software solutions

Vendor: xorg.freedesktop.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libx11: 1.5.99.901

External links
http://www.debian.org/security/2013/dsa-2693
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1854-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM BladeCenter Advanced Management Module (AMM)

Multiple vulnerabilities in HP-UX Running X Windows Libraries

Amazon Linux AMI update for libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel

Buffer overflow in xorg.freedesktop libx11

Buffer overflow in libx11 (Alpine package)