CVE-2013-7439
libx11 - security update
EPSS 2.1%
Description
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
How to fix CVE-2013-7439
To remediate CVE-2013-7439, upgrade the affected package to one of the fixed versions listed below.
- Debian/libx11—upgrade to 2:1.6.0-1 or later
- Debian/libx11—upgrade to 2:1.3.3-4+squeeze2 or later
- Debian/libx11—upgrade to 2:1.5.0-1+deb7u2 or later
Is CVE-2013-7439 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:1.6.0-1
- from 0, < 2:1.3.3-4+squeeze2
- from 0, < 2:1.5.0-1+deb7u2