Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libxi | X.org | * | 1.7.1 (including) |
Libxi | X.org | 1.5.0 (including) | 1.5.0 (including) |
Libxi | X.org | 1.5.99.2 (including) | 1.5.99.2 (including) |
Libxi | X.org | 1.5.99.3 (including) | 1.5.99.3 (including) |
Libxi | X.org | 1.6.0 (including) | 1.6.0 (including) |
Libxi | X.org | 1.6.1 (including) | 1.6.1 (including) |
Libxi | X.org | 1.6.2 (including) | 1.6.2 (including) |
Libxi | X.org | 1.6.99.1 (including) | 1.6.99.1 (including) |
Libxi | X.org | 1.7 (including) | 1.7 (including) |