CVE-2013-1987

Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.

Published: Jun 15, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1987
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x
opensuse / opensuse	12.3	12.3.x
opensuse / opensuse	12.2	12.2.x
x / libxrender	0.9.5	0.9.5.x
x / libxrender	0.9.2	0.9.2.x
x / libxrender	0.9.3	0.9.3.x
x / libxrender	-	0.9.7.x
x / libxrender	0.9.6	0.9.6.x
x / libxrender	0.9.1	0.9.1.x
x / libxrender	0.9.4	0.9.4.x

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106862.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00141.html
http://www.debian.org/security/2013/dsa-2677
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.securityfocus.com/bid/60132
http://www.ubuntu.com/usn/USN-1863-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

Vulnerability Database

CVE-2013-1987