CVE-2013-7439: X.Org Security Advisory: Buffer overflow in MakeBigReq macro
|Reported by:||Fernando de Oliveira||Owned by:|
I'm doing something else, so, didn't read carefully the text below.
If we have already fixed it, please close the ticket.
Alan Coopersmith alan.coopersmith at oracle.com Tue Apr 14 08:57:18 PDT 2015 ... X.Org Security Advisory: April 14, 2015 Buffer overflow in MakeBigReq macro in libX11 prior to 1.6 [CVE-2013-7439] ========================================================================== Description: ============ It's been brought to X.Org's attention that this commit:
which was included in libX11 18.104.22.1681 (1.6 RC1) and later releases fixed an issue which may be exploitable when X clients are rendering untrusted content, such as in web browsers. Mitre has thus issued CVE-2013-7439 for tracking this vulnerability. Further discussion is available in the oss-security thread starting at
Note that as this affects a macro in a header file, all software using this macro will need to be recompiled for the fix to take effect. Since the Xlibint.h header provides access to the internals of libX11, it should not be directly accessed by most clients, but nearly all of the Xlib-based extension libraries are affected, as are some third-party client libraries and programs who have ill-advisedly relied on libX11 internals. X.Org software known to use these macros includes: libXext libXfixes libXi libXp libXrandr libXrender libXv libXxf86misc xf86-video-vmware Some uses of the macros in other software may be found at:
but of course, only a search of your own code base will be exhaustive. Affected Versions ================= The off-by-one-word error in the amount of memory to copy was introduced in the original integration of the BigRequests extension for X11R6.0:
thus X.Org believes all versions of X11R6.x are affected, as are all versions of the standalone libX11 prior to the libX11 1.6.0 release in June 2013. Fixes ===== As noted above, the fix is already available in this libX11 git commit: 39547d600a13713e15429f49768e54c3173c828d which is also included in libX11 1.6.0 and later module releases from X.Org, however, for the fix to be effective, all software which references the MakeBigReq() or SetReqLen() macros from Xlibint.h must be recompiled with the new header. -- -Alan Coopersmith- alan.coopersmith at oracle.com X.Org Security Response Team - xorg-security at lists.x.org
Change History (2)
Note: See TracTickets for help on using tickets.