VDB
CVE-2013-1994
CVE-2013-1994
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.
EPSS 0.42% · 62.3th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.42%
62.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openchrome | openchrome | 0 |
| n/a | n/a | n/a |
| x | libchromexvmcpro | |
| x | libchromexvmc |
Exploit Intelligence
Timeline
- Jun 15, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- USN-1871-1 vendor-advisory
- DSA-2679 vendor-advisory
- [oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries mailing-list
- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-1994 advisory
- https://access.redhat.com/errata/RHBA-2014:1376 url
- https://access.redhat.com/security/cve/CVE-2013-1994 url
- https://bugzilla.redhat.com/show_bug.cgi?id=959079 url