[Forgot Password]
Login  Register Subscribe

23631

 
 

120353

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Heap-based buffer overflow vulnerability in X.org libXi via vectors related to an unexpected sign extension in the XListInputDevices function

ID: oval:org.secpod.oval:def:20994Date: (C)2014-09-02   (M)2017-04-25
Class: VULNERABILITYFamily: unix




The host is installed with libXi before 1.7.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unexpected sign extension in the XListInputDevices function. Successful exploitation could allow attackers to trigger allocation of insufficient memory and a buffer overflow.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product:
libXi
Reference:
CVE-2013-1995
CVE    1
CVE-2013-1995
CPE    12
cpe:/a:x:libxi
cpe:/a:x:libxi:1.5.99.2
cpe:/a:x:libxi:1.5.99.3
cpe:/a:x:libxi:1.5.0
...

© 2013 SecPod Technologies