CVE-2013-0800

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0800
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0696.html Broken Link
http://rhn.redhat.com/errata/RHSA-2013-0697.html Broken Link
http://www.debian.org/security/2013/dsa-2699 Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1791-1 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=825721 Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
History

No history.

Information

Published : 2013-04-03 11:56

Updated : 2024-02-04 18:16

NVD link : CVE-2013-0800

Mitre link : CVE-2013-0800

CVE.ORG link : CVE-2013-0800

JSON object : View

Products Affected

mozilla

  • thunderbird_esr
  • firefox
  • seamonkey
  • firefox_esr
  • thunderbird

suse

  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit
  • linux_enterprise_server

canonical

  • ubuntu_linux

opensuse

  • opensuse

debian

  • debian_linux
CWE
NVD-CWE-Other