5

CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PixmanPixman Version < 0.32.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
RedhatEnterprise Linux Eus Version6.5
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.88% 0.85
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://www.openwall.com/lists/oss-security/2013/12/03/8
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2013/12/04/8
Third Party Advisory
Mailing List
https://bugs.freedesktop.org/show_bug.cgi?id=67484
Patch
Third Party Advisory
Issue Tracking
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921
Patch
Third Party Advisory
Issue Tracking
http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
Patch
Third Party Advisory
http://lists.freedesktop.org/archives/pixman/2013-November/003109.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1869.html
Third Party Advisory
http://www.debian.org/security/2013/dsa-2823
Third Party Advisory
http://www.ubuntu.com/usn/USN-2047-1
Third Party Advisory