CVE-2013-7439
Published: 09 April 2015
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
libx11 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
Patches: Upstream: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d |
||
|
libxrender Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1:0.9.8-1build0.14.04.1)
|
|
Notes
| Author | Note |
|---|---|
| mdeslaur | all build dependencies that use the MakeBigReq macro, or that use the SetReqLen macro need to be rebuilt |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7439
- http://www.openwall.com/lists/oss-security/2015/04/08/4
- https://ubuntu.com/security/notices/USN-2568-1
- NVD
- Launchpad
- Debian