Vulnerability-Lookup - Search a vulnerability

cve-2016-7945

Vulnerability from cvelistv5

Published

2016-12-13 20:00

Modified

2024-08-06 02:13

Severity ?

Summary

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

References

▼	URL	Tags
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1036945	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201704-03	vendor-advisory, x_refsource_GENTOO
	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5	x_refsource_CONFIRM
	https://lists.x.org/archives/xorg-announce/2016-October/002720.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/	vendor-advisory, x_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/10/04/4	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2016/10/04/2	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/93364	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-8b122b0997",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
          },
          {
            "name": "1036945",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036945"
          },
          {
            "name": "GLSA-201704-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201704-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
          },
          {
            "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
          },
          {
            "name": "FEDORA-2016-cabb6d7ef7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
          },
          {
            "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
          },
          {
            "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
          },
          {
            "name": "93364",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:57",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "FEDORA-2016-8b122b0997",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
        },
        {
          "name": "1036945",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036945"
        },
        {
          "name": "GLSA-201704-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201704-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
        },
        {
          "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
        },
        {
          "name": "FEDORA-2016-cabb6d7ef7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
        },
        {
          "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
        },
        {
          "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
        },
        {
          "name": "93364",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93364"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2016-7945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2016-8b122b0997",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
            },
            {
              "name": "1036945",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "GLSA-201704-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5",
              "refsource": "CONFIRM",
              "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "FEDORA-2016-cabb6d7ef7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            },
            {
              "name": "93364",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93364"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-7945",
    "datePublished": "2016-12-13T20:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1998

Vulnerability from cvelistv5

Published

2013-06-15 20:00

Modified

2024-08-06 15:20

Severity ?

Summary

Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-1859-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/60127	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2013/05/23/3	mailing-list, x_refsource_MLIST
	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	x_refsource_CONFIRM
	http://www.debian.org/security/2013/dsa-2683	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1859-1"
          },
          {
            "name": "FEDORA-2013-9046",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
          },
          {
            "name": "openSUSE-SU-2013:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
          },
          {
            "name": "60127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60127"
          },
          {
            "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
          },
          {
            "name": "DSA-2683",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2683"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1859-1"
        },
        {
          "name": "FEDORA-2013-9046",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
        },
        {
          "name": "openSUSE-SU-2013:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
        },
        {
          "name": "60127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60127"
        },
        {
          "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
        },
        {
          "name": "DSA-2683",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2683"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1859-1"
            },
            {
              "name": "FEDORA-2013-9046",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
            },
            {
              "name": "openSUSE-SU-2013:1033",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
            },
            {
              "name": "60127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60127"
            },
            {
              "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
            },
            {
              "name": "DSA-2683",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2683"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1998",
    "datePublished": "2013-06-15T20:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7946

Vulnerability from cvelistv5

Published

2016-12-13 20:00

Modified

2024-08-06 02:13

Severity ?

Summary

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

References

▼	URL	Tags
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1036945	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201704-03	vendor-advisory, x_refsource_GENTOO
	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5	x_refsource_CONFIRM
	https://lists.x.org/archives/xorg-announce/2016-October/002720.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/	vendor-advisory, x_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/10/04/4	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/93374	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2016/10/04/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-8b122b0997",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
          },
          {
            "name": "1036945",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036945"
          },
          {
            "name": "GLSA-201704-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201704-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
          },
          {
            "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
          },
          {
            "name": "FEDORA-2016-cabb6d7ef7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
          },
          {
            "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
          },
          {
            "name": "93374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93374"
          },
          {
            "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:02",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "FEDORA-2016-8b122b0997",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
        },
        {
          "name": "1036945",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036945"
        },
        {
          "name": "GLSA-201704-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201704-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
        },
        {
          "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
        },
        {
          "name": "FEDORA-2016-cabb6d7ef7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
        },
        {
          "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
        },
        {
          "name": "93374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93374"
        },
        {
          "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-7946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2016-8b122b0997",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
            },
            {
              "name": "1036945",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "GLSA-201704-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5",
              "refsource": "CONFIRM",
              "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "FEDORA-2016-cabb6d7ef7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "93374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93374"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-7946",
    "datePublished": "2016-12-13T20:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1995

Vulnerability from cvelistv5

Published

2013-06-15 20:00

Modified

2024-08-06 15:20

Severity ?

Summary

X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-1859-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2013/05/23/3	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/60124	vdb-entry, x_refsource_BID
	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	x_refsource_CONFIRM
	http://www.debian.org/security/2013/dsa-2683	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1859-1"
          },
          {
            "name": "FEDORA-2013-9046",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
          },
          {
            "name": "openSUSE-SU-2013:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
          },
          {
            "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
          },
          {
            "name": "60124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
          },
          {
            "name": "DSA-2683",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2683"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1859-1"
        },
        {
          "name": "FEDORA-2013-9046",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
        },
        {
          "name": "openSUSE-SU-2013:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
        },
        {
          "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
        },
        {
          "name": "60124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
        },
        {
          "name": "DSA-2683",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2683"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1859-1"
            },
            {
              "name": "FEDORA-2013-9046",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
            },
            {
              "name": "openSUSE-SU-2013:1033",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
            },
            {
              "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
            },
            {
              "name": "60124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60124"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
            },
            {
              "name": "DSA-2683",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2683"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1995",
    "datePublished": "2013-06-15T20:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1984

Vulnerability from cvelistv5

Published

2013-06-15 19:00

Modified

2024-08-06 15:20

Severity ?

Summary

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-1859-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2013/05/23/3	mailing-list, x_refsource_MLIST
	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	x_refsource_CONFIRM
	http://www.debian.org/security/2013/dsa-2683	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1859-1"
          },
          {
            "name": "FEDORA-2013-9046",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
          },
          {
            "name": "openSUSE-SU-2013:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
          },
          {
            "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
          },
          {
            "name": "DSA-2683",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2683"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-01T17:26:34",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1859-1"
        },
        {
          "name": "FEDORA-2013-9046",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
        },
        {
          "name": "openSUSE-SU-2013:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
        },
        {
          "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
        },
        {
          "name": "DSA-2683",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2683"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1859-1"
            },
            {
              "name": "FEDORA-2013-9046",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
            },
            {
              "name": "openSUSE-SU-2013:1033",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
            },
            {
              "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
            },
            {
              "name": "DSA-2683",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2683"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1984",
    "datePublished": "2013-06-15T19:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2016-12-13 20:59

Modified

2024-11-21 02:58

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

References

▼	URL	Tags
	security@opentext.com	http://www.openwall.com/lists/oss-security/2016/10/04/2
	security@opentext.com	http://www.openwall.com/lists/oss-security/2016/10/04/4
	security@opentext.com	http://www.securityfocus.com/bid/93364
	security@opentext.com	http://www.securitytracker.com/id/1036945
	security@opentext.com	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	security@opentext.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
	security@opentext.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
	security@opentext.com	https://lists.x.org/archives/xorg-announce/2016-October/002720.html
	security@opentext.com	https://security.gentoo.org/glsa/201704-03
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/04/2
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/04/4
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93364
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036945
	af854a3a-2127-422b-91ae-364da2661108	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
	af854a3a-2127-422b-91ae-364da2661108	https://lists.x.org/archives/xorg-announce/2016-October/002720.html
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201704-03

Impacted products

Vendor	Product	Version
fedoraproject	fedora	24
fedoraproject	fedora	25
x.org	libxi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
              "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC62AF0F-A048-424F-ABEC-E36BF55D1081",
              "versionEndIncluding": "1.7.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en X.org libXi en versiones anteriores a 1.7.7 permite a servidores remotos X provocar una denegaci\u00f3n de servicio (acceso de memoria fuera de datos o bucle infinito) a trav\u00e9s de vectores que involucran campos de longitud."
    }
  ],
  "id": "CVE-2016-7945",
  "lastModified": "2024-11-21T02:58:45.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-13T20:59:10.287",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/93364"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securitytracker.com/id/1036945"
    },
    {
      "source": "security@opentext.com",
      "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
    },
    {
      "source": "security@opentext.com",
      "url": "https://security.gentoo.org/glsa/201704-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201704-03"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-06-15 20:55

Modified

2024-11-21 01:50

Severity ?

Summary

X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
secalert@redhat.com	http://www.debian.org/security/2013/dsa-2683
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/05/23/3
secalert@redhat.com	http://www.securityfocus.com/bid/60124
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1859-1
secalert@redhat.com	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2683
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/05/23/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/60124
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1859-1
af854a3a-2127-422b-91ae-364da2661108	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

Impacted products

Vendor	Product	Version
x.org	libxi	*
x.org	libxi	1.5.0
x.org	libxi	1.5.99.2
x.org	libxi	1.5.99.3
x.org	libxi	1.6.0
x.org	libxi	1.6.1
x.org	libxi	1.6.2
x.org	libxi	1.6.99.1
x.org	libxi	1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DF85F5-D8B6-4396-A139-BE30C590B520",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5AAB71-FFD1-482B-87A3-941B8B4BBA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCD677F0-0F98-4550-80C9-E75A5CFD6F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3D1B68-BFA2-4173-8843-7F3D29639973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3462CFC7-89CB-4867-8DE9-8370A8438497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB8D098-C28D-404B-B315-3DBE36BB1F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A9E3D-01C4-439A-A96C-8D1E5378CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "134F8DCD-E77B-4828-BBE4-9B4AAF5AECB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E66B05D-F164-4D6C-9CCD-28EC8D3256BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function."
    },
    {
      "lang": "es",
      "value": "X.org LibXi v1.7.1 y anteriores permite a los servidores X activar la asignaci\u00f3n de memoria insuficiente y provocar un desbordamiento de b\u00fafer a trav\u00e9s de vectores relacionados con una extensi\u00f3n de signo inesperada en la funci\u00f3n XListInputDevices."
    }
  ],
  "id": "CVE-2013-1995",
  "lastModified": "2024-11-21T01:50:48.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-15T20:55:00.817",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/60124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/60124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-06-15 20:55

Modified

2024-11-21 01:50

Severity ?

Summary

Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
secalert@redhat.com	http://www.debian.org/security/2013/dsa-2683
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/05/23/3
secalert@redhat.com	http://www.securityfocus.com/bid/60127
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1859-1
secalert@redhat.com	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2683
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/05/23/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/60127
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1859-1
af854a3a-2127-422b-91ae-364da2661108	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

Impacted products

Vendor	Product	Version
x.org	libxi	*
x.org	libxi	1.5.0
x.org	libxi	1.5.99.2
x.org	libxi	1.5.99.3
x.org	libxi	1.6.0
x.org	libxi	1.6.1
x.org	libxi	1.6.2
x.org	libxi	1.6.99.1
x.org	libxi	1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DF85F5-D8B6-4396-A139-BE30C590B520",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5AAB71-FFD1-482B-87A3-941B8B4BBA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCD677F0-0F98-4550-80C9-E75A5CFD6F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3D1B68-BFA2-4173-8843-7F3D29639973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3462CFC7-89CB-4867-8DE9-8370A8438497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB8D098-C28D-404B-B315-3DBE36BB1F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A9E3D-01C4-439A-A96C-8D1E5378CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "134F8DCD-E77B-4828-BBE4-9B4AAF5AECB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E66B05D-F164-4D6C-9CCD-28EC8D3256BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions."
    },
    {
      "lang": "es",
      "value": "Multiples desbordamientos de b\u00fafer en X.org libXi v1.7.1 y anteriores permite a los servidores X  causar una denegaci\u00f3n de servicio (por ca\u00edda del servidor) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de valores de \u00edndice o de longitud debidamente modificados en las funciones (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, y (3) XQueryDeviceState."
    }
  ],
  "id": "CVE-2013-1998",
  "lastModified": "2024-11-21T01:50:49.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-15T20:55:00.877",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/60127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/60127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-12-13 20:59

Modified

2024-11-21 02:58

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

References

▼	URL	Tags
	security@opentext.com	http://www.openwall.com/lists/oss-security/2016/10/04/2
	security@opentext.com	http://www.openwall.com/lists/oss-security/2016/10/04/4
	security@opentext.com	http://www.securityfocus.com/bid/93374
	security@opentext.com	http://www.securitytracker.com/id/1036945
	security@opentext.com	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	security@opentext.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
	security@opentext.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
	security@opentext.com	https://lists.x.org/archives/xorg-announce/2016-October/002720.html
	security@opentext.com	https://security.gentoo.org/glsa/201704-03
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/04/2
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/04/4
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93374
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036945
	af854a3a-2127-422b-91ae-364da2661108	https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
	af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
	af854a3a-2127-422b-91ae-364da2661108	https://lists.x.org/archives/xorg-announce/2016-October/002720.html
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201704-03

Impacted products

Vendor	Product	Version
x.org	libxi	*
fedoraproject	fedora	24
fedoraproject	fedora	25

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC62AF0F-A048-424F-ABEC-E36BF55D1081",
              "versionEndIncluding": "1.7.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
              "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields."
    },
    {
      "lang": "es",
      "value": "X.org libXi en versiones anteriores a 1.7.7 permite a servidores remotos X provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de vectores que involucran campos de longitud."
    }
  ],
  "id": "CVE-2016-7946",
  "lastModified": "2024-11-21T02:58:45.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-13T20:59:11.613",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/93374"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securitytracker.com/id/1036945"
    },
    {
      "source": "security@opentext.com",
      "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
    },
    {
      "source": "security@opentext.com",
      "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
    },
    {
      "source": "security@opentext.com",
      "url": "https://security.gentoo.org/glsa/201704-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201704-03"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-06-15 19:55

Modified

2024-11-21 01:50

Severity ?

Summary

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
secalert@redhat.com	http://www.debian.org/security/2013/dsa-2683
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/05/23/3
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1859-1
secalert@redhat.com	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2683
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/05/23/3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1859-1
af854a3a-2127-422b-91ae-364da2661108	http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

Impacted products

Vendor	Product	Version
x.org	libxi	*
x.org	libxi	1.5.0
x.org	libxi	1.5.99.2
x.org	libxi	1.5.99.3
x.org	libxi	1.6.0
x.org	libxi	1.6.1
x.org	libxi	1.6.2
x.org	libxi	1.6.99.1
x.org	libxi	1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DF85F5-D8B6-4396-A139-BE30C590B520",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5AAB71-FFD1-482B-87A3-941B8B4BBA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCD677F0-0F98-4550-80C9-E75A5CFD6F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.5.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3D1B68-BFA2-4173-8843-7F3D29639973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3462CFC7-89CB-4867-8DE9-8370A8438497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB8D098-C28D-404B-B315-3DBE36BB1F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A9E3D-01C4-439A-A96C-8D1E5378CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.6.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "134F8DCD-E77B-4828-BBE4-9B4AAF5AECB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:libxi:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E66B05D-F164-4D6C-9CCD-28EC8D3256BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions."
    },
    {
      "lang": "es",
      "value": "Multiples desbordamientos de enteros en X.org libXi v1.7.1 y anteriores permiten que los servidores X provoquen una asignaci\u00f3n de memoria insuficiente y un desbordamiento de b\u00fafer a trav\u00e9s de vectores relacionados con las funciones (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents , (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, y (8) XListInputDevices."
    }
  ],
  "id": "CVE-2013-1984",
  "lastModified": "2024-11-21T01:50:47.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-15T19:55:00.967",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1859-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to x.org - libxi

cve-2016-7945

Vulnerability from cvelistv5

cve-2013-1998

Vulnerability from cvelistv5

cve-2016-7946

Vulnerability from cvelistv5

cve-2013-1995

Vulnerability from cvelistv5

cve-2013-1984

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd