MidnightBSD

Advisories for mesa3d

CVE-2013-1872 MEDIUM

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mesa3d mesa 9.0.2
canonical ubuntu_linux 12.10
mesa3d mesa 9.0
canonical ubuntu_linux 12.04
mesa3d mesa 8.0.3
mesa3d mesa 9.0.3
canonical ubuntu_linux 13.04
mesa3d mesa 8.0.4
opensuse opensuse 12.3
opensuse opensuse 12.2
mesa3d mesa 8.0.2
redhat enterprise_linux 6.0
mesa3d mesa 9.0.1
mesa3d mesa 8.0
mesa3d mesa 8.0.1
mesa3d mesa 8.0.5
CVE-2013-1993 MEDIUM

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
mesa3d mesa *
mesa3d mesa 9.0.2
mesa3d mesa 9.0
mesa3d mesa 9.0.3
mesa3d mesa 9.1
x libglx -
mesa3d mesa 9.0.1
CVE-2019-5068 LOW

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-277,CWE-732,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 8.0
canonical ubuntu_linux 19.10
mesa3d mesa 19.1.2
canonical ubuntu_linux 18.04
CVE-2023-45913

Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

Products Affected

Vendor Product Version
mesa3d mesa 23.0.4
CVE-2023-45919

Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

Products Affected

Vendor Product Version
mesa3d mesa 23.0.4
CVE-2023-45922

glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

Products Affected

Vendor Product Version
mesa3d mesa 23.0.4
CVE-2023-45931

Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

Products Affected

Vendor Product Version
mesa3d mesa 23.0.4