Multiple integer overflow vulnerabilities in X.org libXi due to protocol handling issuesID: oval:org.secpod.oval:def:20992 | Date: (C)2014-09-02 (M)2023-07-28 |
Class: VULNERABILITY | Family: unix |
The host is installed with libXi before 1.7.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. Successful exploitation could allow attackers to trigger allocation of insufficient memory and a buffer overflow.
Platform: |
Red Hat Enterprise Linux 5 |
Red Hat Enterprise Linux 6 |