CVE-2013-1993
mesa - several
EPSS 2.0%
Description
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
How to fix CVE-2013-1993
To remediate CVE-2013-1993, upgrade the affected package to a fixed version below.
- Debian/mesa—upgrade to 8.0.5-6 or later
- Debian/mesa—upgrade to 7.7.1-6 or later
Is CVE-2013-1993 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 8.0.5-6
- from 0, < 7.7.1-6