CVE-2013-1981 — libx11 - several

Description

Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.

How to fix CVE-2013-1981

To remediate CVE-2013-1981, upgrade the affected package to a fixed version below.

—upgrade to 2:1.5.0-1+deb7u1 or later
—upgrade to 2:1.3.3-4+squeeze1 or later

Is CVE-2013-1981 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2:1.5.0-1+deb7u1
from 0, < 2:1.3.3-4+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-1981