CVE-2013-1993 | Vulnerability Database | Aqua Security

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

Affected Software

Name	Vendor	Start Version	End Version
Mesa	Mesa3d	*	9.1.1 (including)
Mesa	Mesa3d	9.0 (including)	9.0 (including)
Mesa	Mesa3d	9.0.1 (including)	9.0.1 (including)
Mesa	Mesa3d	9.0.2 (including)	9.0.2 (including)
Mesa	Mesa3d	9.0.3 (including)	9.0.3 (including)
Mesa	Mesa3d	9.1 (including)	9.1 (including)
Libglx	X	- (including)	- (including)
Red Hat Enterprise Linux 5	RedHat	mesa-0:6.5.1-7.11.el5_9	*
Red Hat Enterprise Linux 6	RedHat	mesa-0:9.0-0.8.el6_4.3	*
Mesa	Ubuntu	devel	*
Mesa	Ubuntu	lucid	*
Mesa	Ubuntu	precise	*
Mesa	Ubuntu	quantal	*
Mesa	Ubuntu	raring	*
Mesa	Ubuntu	upstream	*

References

http://advisories.mageia.org/MGASA-2013-0190.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
http://rhn.redhat.com/errata/RHSA-2013-0897.html
http://rhn.redhat.com/errata/RHSA-2013-0898.html
http://www.debian.org/security/2013/dsa-2678
http://www.mandriva.com/security/advisories?name=MDVSA-2013:181
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1888-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://advisories.mageia.org/MGASA-2013-0190.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html
http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html
http://rhn.redhat.com/errata/RHSA-2013-0897.html
http://rhn.redhat.com/errata/RHSA-2013-0898.html
http://www.debian.org/security/2013/dsa-2678
http://www.mandriva.com/security/advisories?name=MDVSA-2013:181
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1888-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-1993
CWE	https://cwe.mitre.org/data/definitions/189.html