Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1591

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2013-1591
Last Modified 30 Jan 2014 12:09:46
Published 31 Jan 2013 06:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1591

Summary

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 6

Application

  • Palemoon Pale Moon 11.0

  • Palemoon Pale Moon 11.0.1

  • Palemoon Pale Moon 12.0

  • Palemoon Pale Moon 12.1

  • Palemoon Pale Moon 12.2

  • Palemoon Pale Moon 12.2.1

  • Palemoon Pale Moon 12.3

  • Palemoon Pale Moon 15.0

  • Palemoon Pale Moon 15.1

  • Palemoon Pale Moon 15.1.1

  • Palemoon Pale Moon 15.2

  • Palemoon Pale Moon 15.2.1

  • Palemoon Pale Moon 15.3

  • Palemoon Pale Moon 15.3.1

  • Palemoon Pale Moon 15.3.2

  • Palemoon Pale Moon 4.0

  • Palemoon Pale Moon 4.0.3

  • Palemoon Pale Moon 4.0.5

  • Palemoon Pale Moon 4.0.6

  • Palemoon Pale Moon 4.0.7

  • Palemoon Pale Moon 5.0

  • Palemoon Pale Moon 6.0

  • Palemoon Pale Moon 6.0.2

  • Palemoon Pale Moon 7.0

  • Palemoon Pale Moon 7.0.1

  • Palemoon Pale Moon 9.0

  • Palemoon Pale Moon 9.0.1

  • Palemoon Pale Moon 9.1

  • Palemoon Pale Moon 9.2

  • Redhat Enterprise Virtualization 3.0


References

CONFIRM - http://www.palemoon.org/releasenotes-ng.shtml

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=910149

REDHAT - RHSA-2013:0746

REDHAT - RHSA-2013:0687

MISC - http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077

MANDRIVA - MDVSA-2013:116


Last Updated: 27 May 2016 11:04:18