Your submission was sent successfully! Close

CVE-2013-6424

Published: 18 January 2014

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Priority

Low

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Not vulnerable
(code not present)
quantal Not vulnerable
(code not present)
raring Not vulnerable
(code not present)
saucy Not vulnerable
(code not present)
trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

utopic Not vulnerable
(code not present)
xorg-server
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2:1.11.4-0ubuntu10.17)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Not vulnerable
(2:1.14.5-1ubuntu2~saucy1)
trusty Not vulnerable
(2:1.14.3-3ubuntu3)
upstream Needed

utopic Not vulnerable
(2:1.14.3-3ubuntu3)

Notes

AuthorNote
mdeslaur
xorg server is actually the xorg-server package
the xorg package only contains docs
jdstrand
patch is straightforward but not yet accepted upstream. Open
upstream questions as of 2013/12/18
package for Ubuntu 13.10 is available in saucy-proposed
downgrading to low since pixman is already fixed, based on bug
feedback

References

Bugs