CVE-2013-1591 - OpenCVE

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Enterprise Virtualization
Palemoon	Pale Moon

Configuration 1 [-]

cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:palemoon:pale_moon:*:*:*:*:*:*:*:*

References

Link	Resource
http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f	Mailing List Patch
http://rhn.redhat.com/errata/RHSA-2013-0687.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0746.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:116	Broken Link
http://www.palemoon.org/releasenotes-ng.shtml	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=910149	Exploit Issue Tracking Patch
https://support.f5.com/csp/article/K51392553	Third Party Advisory
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2013-01-31T23:00:00

Updated: 2019-05-22T12:06:04

Reserved: 2013-01-31T00:00:00

Link: CVE-2013-1591

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-01-31T23:55:01.037

Modified: 2024-02-15T21:08:00.480

Link: CVE-2013-1591

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-22T12:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.palemoon.org/releasenotes-ng.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077"}, {"name": "RHSA-2013:0687", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"}, {"name": "RHSA-2013:0746", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"}, {"tags": ["x_refsource_MISC"], "url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f"}, {"name": "MDVSA-2013:116", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K51392553"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1591", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.palemoon.org/releasenotes-ng.shtml", "refsource": "CONFIRM", "url": "http://www.palemoon.org/releasenotes-ng.shtml"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077"}, {"name": "RHSA-2013:0687", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=910149", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"}, {"name": "RHSA-2013:0746", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"}, {"name": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f", "refsource": "MISC", "url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f"}, {"name": "MDVSA-2013:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116"}, {"name": "https://support.f5.com/csp/article/K51392553", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K51392553"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1591", "datePublished": "2013-01-31T23:00:00", "dateReserved": "2013-01-31T00:00:00", "dateUpdated": "2019-05-22T12:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palemoon:pale_moon:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC382A9A-521E-4EF7-8EAC-F262B26E4170", "versionEndExcluding": "15.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en libpixman, utilizado en Pale Moon anterior a 15.4, tiene un impacto y vectores de ataque no especificados."}], "evaluatorComment": "Adding additional products per \n\nhttp://rhn.redhat.com/errata/RHSA-2013-0687.html\n\nRed Hat Enterprise Linux 6\n\nhttp://rhn.redhat.com/errata/RHSA-2013-0746.html\n\nRed Hat Enterprise Virtualization 3", "id": "CVE-2013-1591", "lastModified": "2024-02-15T21:08:00.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2013-01-31T23:55:01.037", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.palemoon.org/releasenotes-ng.shtml"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K51392553"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}