6.8 Medium
CVSS2
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
libXres.so is vulnerable to denial of service. Due to a lack of bounds checking on the CARD32 value rep.num_clients, a remote attacker is able to cause an integer overflow which leads to an underallocation and to data being written past the end of the allocated buffer, resulting in denial of service conditions.
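The class of bug described above, as an added example that is not libXres code: a 32-bit element count taken from a reply is multiplied by a record size, first without and then with a range check. The record type, the function names and the sample count are hypothetical, and the size arithmetic is done in 32 bits to model a platform where size_t is 32 bits wide.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 8-byte record standing in for one per-client entry. */
typedef struct { uint32_t resource_base, resource_mask; } client_rec;

/* Unchecked: the product wraps modulo 2^32, so a huge count can yield a
 * tiny byte size while later code still copies `num_clients` records. */
static uint32_t unchecked_alloc_size(uint32_t num_clients)
{
    return num_clients * (uint32_t)sizeof(client_rec);
}

/* Checked: reject any count whose byte size cannot be represented safely.
 * Returns 0 and stores the size on success, -1 if the count is rejected. */
static int checked_alloc_size(uint32_t num_clients, uint32_t *bytes)
{
    if (num_clients >= INT_MAX / sizeof(client_rec))
        return -1;
    *bytes = num_clients * (uint32_t)sizeof(client_rec);
    return 0;
}

/* Allocate room for the records, or return NULL for an out-of-range count.
 * On NULL the caller must discard the rest of the reply and report failure
 * instead of reading any records into a buffer. */
static client_rec *alloc_clients(uint32_t num_clients)
{
    uint32_t bytes;
    if (checked_alloc_size(num_clients, &bytes) != 0)
        return NULL;
    return calloc(num_clients ? num_clients : 1, sizeof(client_rec));
}

int main(void)
{
    uint32_t hostile = 0x20000001u;   /* constructed sample count */
    uint32_t bytes = 0;
    printf("unchecked: %u records -> %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_alloc_size(hostile));
    printf("checked:   %s\n",
           checked_alloc_size(hostile, &bytes) ? "rejected" : "accepted");
    client_rec *ok = alloc_clients(4);
    printf("4 records: %s\n", ok ? "allocated" : "failed");
    free(ok);
    return 0;
}
```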
lists.fedoraproject.org/pipermail/package-announce/2013-May/106880.html
lists.opensuse.org/opensuse-updates/2013-06/msg00155.html
www.debian.org/security/2013/dsa-2688
www.openwall.com/lists/oss-security/2013/05/23/3
www.ubuntu.com/usn/USN-1864-1
www.x.org/wiki/Development/Security/Advisory-2013-05-23
github.com/freedesktop/xorg-libXRes/commit/b053d215b80e721f9afdc5794e4f3f4f2aee0141
github.com/freedesktop/xorg-libXRes/commit/f468184963e53feda848853c4aefd0197b2cc116