Your submission was sent successfully! Close

CVE-2013-7439

Published: 9 April 2015

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.

Notes

AuthorNote
mdeslaur
all build dependencies that use the MakeBigReq macro, or that
use the SetReqLen macro need to be rebuilt
Priority

Medium

Status

Package Release Status
libx11
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2:1.4.99.1-0ubuntu2.3)
trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

Patches:
upstream: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
libxrender
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1:0.9.6-2ubuntu0.2)
trusty
Released (1:0.9.8-1build0.14.04.1)
upstream Needs triage

utopic
Released (1:0.9.8-1build0.14.10.1)