CVE-2013-1997

Publication date 23 May 2013

Last updated 24 July 2024

Ubuntu priority

Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libx11	13.04 raring	Fixed 2:1.5.0-1ubuntu1.1
	12.10 quantal	Fixed 2:1.5.0-1ubuntu0.1
	12.04 LTS precise	Fixed 2:1.4.99.1-0ubuntu2.1
	10.04 LTS lucid	Fixed 2:1.3.2-1ubuntu3.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libx11	Upstream: ?id=cdd Upstream: ?id=f29 Upstream: ?id=bff Upstream: ?id=59a Upstream: ?id=fd7 Upstream: ?id=006 Upstream: ?id=06c Upstream: ?id=e56 Upstream: ?id=4d7 Upstream: ?id=2df Upstream: ?id=de2 Upstream: ?id=b9b Upstream: ?id=0c4 Upstream: ?id=8d5 Upstream: ?id=db1 Upstream: ?id=e1b Upstream: ?id=a3b

References

Related Ubuntu Security Notices (USN)

USN-1854-1
libx11 vulnerabilities
5 June 2013

CVE-2013-1997

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references