Buffer Overflow Vulnerability in X.org LibXi Affected by Unexpected Sign Extension
CVE-2013-1995

Currently unrated

Key Information:

Vendor: X.org
Status: Libxi
Vendor: CVE Published:; 15 June 2013

What is CVE-2013-1995?

The vulnerability in X.org's LibXi, present in version 1.7.1 and prior, allows X servers to trigger memory allocation errors leading to a buffer overflow. This occurs due to an unexpected sign extension in the XListInputDevices function, potentially compromising system stability and security. Attackers may exploit this flaw to manipulate memory allocation, resulting in unauthorized actions within the system.

References

http://www.ubuntu.com/usn/USN-1859-1

vendor-advisoryx_refsource_UBUNTU

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://lists.opensuse.org/opensuse-updates/2013-06/msg001...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2013
Vulnerability Reserved
Feb 19, 2013