CVE-2013-1990

Published: 23 May 2013

Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.

Priority

Medium

Status

Package Release Status
libxvmc
Launchpad, Ubuntu, Debian 		Upstream Pending
(1.0.8)
Patches:
Upstream: http://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=cf1a1dc1b9ca34a29d0471da9389f8eae70ddbd9
Upstream: http://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2712383813b26475dc6713888414d842be57f8ca (1/2)
Upstream: http://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=478d4e5873eeee2ebdce6673e4e3469816ab63b8 (2/2)
Upstream: http://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=5fd871e5f878810f8f8837725d548e07e89577ab (related?)

Notes

AuthorNote
mdeslaur 
watch for regression fixed in dsa-2675-2

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading