Vulnerability Description
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X | Libxt | <= 1.1.3 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html
- http://www.debian.org/security/2013/dsa-2680
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.securityfocus.com/bid/60133
- http://www.ubuntu.com/usn/USN-1865-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html
- http://www.debian.org/security/2013/dsa-2680
- http://www.openwall.com/lists/oss-security/2013/05/23/3
- http://www.securityfocus.com/bid/60133
- http://www.ubuntu.com/usn/USN-1865-1
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23Vendor Advisory
FAQ
What is CVE-2013-2005?
CVE-2013-2005 is a vulnerability with a CVSS score of 6.8 (MEDIUM). X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors re...
How severe is CVE-2013-2005?
CVE-2013-2005 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2005?
Check the references section above for vendor advisories and patch information. Affected products include: X Libxt.