6.8

CVE-2013-0800

EPSS 2.8%
Published 03.04.2013 11:56:21
Last modified 11.04.2025 00:51:21
Source security@mozilla.org
Teams watchlist Login
Open Login

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 20.0

Mozilla ≫ Firefox Version >= 17.0 < 17.0.5

Mozilla ≫ Seamonkey Version < 2.17

Mozilla ≫ Thunderbird Version < 17.0.5

Mozilla ≫ Thunderbird Esr Version >= 17.0 < 17.0.5

Debian ≫ Debian Linux Version7.0

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.10

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.1

Opensuse ≫ Opensuse Version12.2

Opensuse ≫ Opensuse Version12.3

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss SwPlatformvmware

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.8%	0.856

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html

Third Party Advisory

Mailing List

http://www.debian.org/security/2013/dsa-2699

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2013-0696.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0697.html

Broken Link

http://www.ubuntu.com/usn/USN-1791-1

Third Party Advisory

http://www.mozilla.org/security/announce/2013/mfsa2013-31.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=825721

Patch

Vendor Advisory

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0800

EUVD