Executive Summary
Summary | |
---|---|
Title | Pixman: User-assisted execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | GLSA-201402-03 | First vendor Publication | 2014-02-02 |
Vendor | Gentoo | Last vendor Modification | 2014-02-02 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis An integer underflow vulnerability in Pixman may allow a context-dependent attacker to cause Denial of Service. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages. References Availability http://security.gentoo.org/glsa/glsa-201402-03.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201402-03.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20109 | |||
Oval ID: | oval:org.mitre.oval:def:20109 | ||
Title: | DSA-2823-1 pixman - integer underflow | ||
Description: | Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2823-1 CVE-2013-6425 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | pixman |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21060 | |||
Oval ID: | oval:org.mitre.oval:def:21060 | ||
Title: | RHSA-2013:1869: pixman security update (Important) | ||
Description: | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1869-00 CESA-2013:1869 CVE-2013-6425 | Version: | 7 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | pixman |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23591 | |||
Oval ID: | oval:org.mitre.oval:def:23591 | ||
Title: | DEPRECATED: ELSA-2013:1869: pixman security update (Important) | ||
Description: | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1869-00 CVE-2013-6425 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | pixman |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24196 | |||
Oval ID: | oval:org.mitre.oval:def:24196 | ||
Title: | ELSA-2013:1869: pixman security update (Important) | ||
Description: | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1869-00 CVE-2013-6425 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | pixman |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25629 | |||
Oval ID: | oval:org.mitre.oval:def:25629 | ||
Title: | SUSE-SU-2014:0023-1 -- Security update for pixman | ||
Description: | This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425 > | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0023-1 CVE-2013-6425 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | pixman |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26906 | |||
Oval ID: | oval:org.mitre.oval:def:26906 | ||
Title: | DEPRECATED: ELSA-2013-1869 -- pixman security update (important) | ||
Description: | [0.26.2-5.1] - Fix CVE 2013-6425 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1869 CVE-2013-6425 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | pixman |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Os | 4 | |
Os | 2 | |
Os | 4 | |
Os | 2 | |
Os | 1 | |
Os | 2 | |
Os | 1 | |
Os | 1 | |
Os | 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9399.nasl - Type : ACT_GATHER_INFO |
2014-08-16 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9359.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9063.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-7.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-6.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-5.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6825.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6829.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-272.nasl - Type : ACT_GATHER_INFO |
2014-02-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-03.nasl - Type : ACT_GATHER_INFO |
2014-01-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpixman-1-0-131221.nasl - Type : ACT_GATHER_INFO |
2014-01-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpixman-1-0-131220.nasl - Type : ACT_GATHER_INFO |
2013-12-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131220_pixman_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1869.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1869.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-302.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1869.nasl - Type : ACT_GATHER_INFO |
2013-12-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2823.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:07 |
|
2014-02-02 21:20:45 |
|