CVE-2013-1989

Published: 23 May 2013

Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.

Priority

Status

Package	Release	Status
libxv Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (2:1.0.6-2ubuntu0.1)
	quantal	Released (2:1.0.7-1ubuntu0.12.10.1)
	raring	Released (2:1.0.7-1ubuntu0.13.04.1)
	upstream	Pending (1.0.8)
	Patches: upstream: http://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=79362c764a6df7e7fbe5247756bdbf60f3a58baf upstream: http://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=6e1b743a276651195be3cd68dff41e38426bf3ab (1/3) upstream: http://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=59301c1b5095f7dc6359d5b396dbbcdee7038270 (2/3) upstream: http://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=50fc4cb18069cb9450a02c13f80223ef23511409 (3/3)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›