CVE-2013-1591
CRITICAL
Redhat Enterprise Virtualization < 15.4 - Integer Overflow
Title source: ruleDescription
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
References (8)
Core References
Exploit, Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=910149
Broken Link x_refsource_confirm
http://www.palemoon.org/releasenotes-ng.shtml
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0687.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0746.html
Mailing List, Patch x_refsource_misc
http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:116
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K51392553
Scores
CVSS v3: 9.8
EPSS: 0.0363
EPSS Percentile: 88.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-190
Status: published
Products (3)
palemoon/pale_moon < 15.4
redhat/enterprise_linux 6.0
redhat/enterprise_virtualization 3.0
Published: Jan 31, 2013
Tracked Since: Feb 18, 2026