Integer Overflow Vulnerability in X.org libGLX Affecting Mesa Products
CVE-2013-1993

Currently unrated

Key Information:

Vendor: Mesa3d
Status: Mesa; Libglx
Vendor: CVE Published:; 15 June 2013

What is CVE-2013-1993?

The vulnerability arises from multiple integer overflows in the X.org libGLX component in Mesa versions prior to 9.1.1. This flaw enables X servers to solicit memory allocation that is insufficient, consequently leading to a buffer overflow. It specifically affects the functions XF86DRIOpenConnection and XF86DRIGetClientDriverName, allowing an attacker to exploit memory allocation errors and potentially compromise system integrity.

References

http://lists.freedesktop.org/archives/mesa-dev/2013-May/0...

mailing-listx_refsource_MLIST

http://advisories.mageia.org/MGASA-2013-0190.html

x_refsource_CONFIRM

http://www.debian.org/security/2013/dsa-2678

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2013
Vulnerability Reserved
Feb 19, 2013

CVE-2013-1993 Data

JSON

Mesa3d

What is CVE-2013-1993?

References

Timeline