CVE-2013-1999 - OpenCVE

Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
X	Libxvmc

Configuration 1 [-]

OR	cpe:2.3:a:x:libxvmc::::::::
	cpe:2.3:a:x:libxvmc:1.0.2:::::::*
	cpe:2.3:a:x:libxvmc:1.0.3:::::::*
	cpe:2.3:a:x:libxvmc:1.0.4:::::::*
	cpe:2.3:a:x:libxvmc:1.0.5:::::::*
	cpe:2.3:a:x:libxvmc:1.0.6:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106766.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00153.html
http://www.debian.org/security/2013/dsa-2675
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1868-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-06-15T20:00:00

Updated: 2013-11-21T00:27:52

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1999

JSON object: View

NVD Information

Status : Modified

Published: 2013-06-15T20:55:00.897

Modified: 2013-11-25T04:32:35.373

Link: CVE-2013-1999

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-21T00:27:52", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:1025", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00153.html"}, {"name": "USN-1868-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1868-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"name": "DSA-2675", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2675"}, {"name": "FEDORA-2013-9099", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106766.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1999", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2013:1025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00153.html"}, {"name": "USN-1868-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1868-1"}, {"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"name": "DSA-2675", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2675"}, {"name": "FEDORA-2013-9099", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106766.html"}, {"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", "refsource": "CONFIRM", "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1999", "datePublished": "2013-06-15T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2013-11-21T00:27:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x:libxvmc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A330206-B597-48C7-8203-44428A3E9386", "versionEndIncluding": "1.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libxvmc:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "29191A64-0A20-4FC5-A96A-E5827DDD3244", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libxvmc:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5328E29-89E8-418C-B50C-F402678329E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libxvmc:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "34DAD019-AAF8-410E-9517-AA681DFE70DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libxvmc:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "D053E0EB-45BE-4FB6-AB9B-C3D5D1B34C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:libxvmc:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C6F526D1-F524-48D6-B208-A94E20EE6248", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en X.org libXvMC v1.0.7 y anteriores permite a los servidores X causar una denegaci\u00f3n de servicio (por ca\u00edda del servidor) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de valores de \u00edndice o de longitud debidamente modificados en la funci\u00f3n XvMCGetDRInfo."}], "id": "CVE-2013-1999", "lastModified": "2013-11-25T04:32:35.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-15T20:55:00.897", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106766.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00153.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2675"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1868-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}