CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability was found in pixman. It has been declared as problematic. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a numeric error vulnerability. The CWE definition for the vulnerability is CWE-189. As an impact it is known to affect availability. CVE summarizes:
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
The weakness was disclosed 01/18/2014 (Website). The advisory is shared for download at lists.freedesktop.org. This vulnerability was named CVE-2013-6425 since 11/04/2013. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 71834 (SuSE 11.3 Security Update : pixman (SAT Patch Number 8697)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks.
Upgrading to version 0.9.6 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (89481), Tenable (71834), SecurityFocus (BID 64122†) and Vulnerability Center (SBV-42755†). The entries VDB-63933, VDB-82305, VDB-139058 and VDB-212875 are pretty similar.
Product
Name
Version
- 0.9.6
- 0.10.0
- 0.12.0
- 0.14.0
- 0.16.0
- 0.16.2
- 0.16.4
- 0.18.0
- 0.18.2
- 0.18.4
- 0.20.0
- 0.20.2
- 0.22.0
- 0.22.2
- 0.24.0
- 0.24.2
- 0.24.4
- 0.26.0
- 0.26.2
- 0.28.0
- 0.28.2
- 0.30.0
- 0.30.2
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 71834
Nessus Name: SuSE 11.3 Security Update : pixman (SAT Patch Number 8697)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 702823
OpenVAS Name: Debian Security Advisory DSA 2823-1 (pixman - integer underflow
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: pixman 0.9.6
Patch: cgit.freedesktop.org
Timeline
11/04/2013 🔍11/18/2013 🔍
01/01/2014 🔍
01/07/2014 🔍
01/18/2014 🔍
01/18/2014 🔍
03/24/2015 🔍
01/31/2022 🔍
Sources
Advisory: USN-2047-1Status: Not defined
Confirmation: 🔍
CVE: CVE-2013-6425 (🔍)
OVAL: 🔍
X-Force: 89481
SecurityFocus: 64122
Vulnerability Center: 42755 - Pixman Before 0.32.0 Remote DoS Vulnerability via a Crafted File Opened in an Application Using Pixman, Medium
See also: 🔍
Entry
Created: 03/24/2015 03:54 PMUpdated: 01/31/2022 11:37 AM
Changes: 03/24/2015 03:54 PM (63), 05/18/2017 05:44 PM (3), 01/31/2022 11:21 AM (4), 01/31/2022 11:29 AM (1), 01/31/2022 11:37 AM (1)
Complete: 🔍
Cache ID: 98:61C:40
No comments yet. Languages: en.
Please log in to comment.