CVE-2013-2000

Published: 23 May 2013

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.

Priority

Status

Package	Release	Status
libxxf86dga Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (2:1.1.2-1ubuntu0.1)
	quantal	Released (2:1.1.3-2ubuntu0.12.10.1)
	raring	Released (2:1.1.3-2ubuntu0.13.04.1)
	upstream	Pending (1.1.4)
	Patches: upstream: http://cgit.freedesktop.org/xorg/lib/libXxf86dga/commit/?id=5dcfa6a8cf2df39828da733e5945e730518c27b3 upstream: http://cgit.freedesktop.org/xorg/lib/libXxf86dga/commit/?id=b69d6d51a82b1d1e8c68a233360acb742c879375

References

http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://www.debian.org/security/2013/dsa-2690
https://ubuntu.com/security/notices/USN-1869-1
https://www.cve.org/CVERecord?id=CVE-2013-2000
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.