CVE-2013-1984

Publication date 23 May 2013

Last updated 24 July 2024

Ubuntu priority

Description

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libxi	13.04 raring	Fixed 2:1.6.99.1-0ubuntu3.1
	12.10 quantal	Fixed 2:1.6.1-1ubuntu0.1
	12.04 LTS precise	Fixed 2:1.6.0-0ubuntu2.1
	10.04 LTS lucid	Fixed 2:1.3-3ubuntu0.2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libxi	Upstream: ?id=59b Upstream: ?id=b0b Upstream: ?id=322 Upstream: ?id=6dd Upstream: ?id=bb9 Upstream: ?id=242 Upstream: ?id=528 Upstream: ?id=170 Upstream: ?id=ef8

References

Related Ubuntu Security Notices (USN)

USN-1859-1
libxi vulnerabilities
5 June 2013