CVE-2013-2003
libxcursor - several
EPSS 0.90%
Description
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
How to fix CVE-2013-2003
To remediate CVE-2013-2003, upgrade the affected package to a fixed version below.
- Debian/libxcursor—upgrade to 1:1.1.13-1+deb7u1 or later
- Debian/libxcursor—upgrade to 1:1.1.10-2+squeeze1 or later
Is CVE-2013-2003 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:1.1.13-1+deb7u1
- from 0, < 1:1.1.10-2+squeeze1