CVE-2013-7439
Published: 9 April 2015
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
libx11 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Released
(2:1.4.99.1-0ubuntu2.3)
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
|
|
|
libxrender Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Released
(1:0.9.6-2ubuntu0.2)
|
|
| trusty |
Released
(1:0.9.8-1build0.14.04.1)
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(1:0.9.8-1build0.14.10.1)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | all build dependencies that use the MakeBigReq macro, or that use the SetReqLen macro need to be rebuilt |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7439
- http://www.openwall.com/lists/oss-security/2015/04/08/4
- https://ubuntu.com/security/notices/USN-2568-1
- NVD
- Launchpad
- Debian