CVE-2013-1984
libxi - several
EPSS 0.90%
Description
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
How to fix CVE-2013-1984
To remediate CVE-2013-1984, upgrade the affected package to one of the fixed versions listed below.
- Debian/libxi—upgrade to 2:1.6.1-1+deb7u1 or later
- —upgrade to 2:1.3-8 or later
Is CVE-2013-1984 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2:1.6.1-1+deb7u1
- from 0, < 2:1.3-8