CVE-2013-1591

{"id": "CVE-2013-1591", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2013-01-31T23:55:01.037", "references": [{"url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "http://www.palemoon.org/releasenotes-ng.shtml", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://support.f5.com/csp/article/K51392553", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.palemoon.org/releasenotes-ng.shtml", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.f5.com/csp/article/K51392553", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en libpixman, utilizado en Pale Moon anterior a 15.4, tiene un impacto y vectores de ataque no especificados."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palemoon:pale_moon:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC382A9A-521E-4EF7-8EAC-F262B26E4170", "versionEndExcluding": "15.4"}], "operator": "OR"}]}], "evaluatorComment": "Adding additional products per \n\nhttp://rhn.redhat.com/errata/RHSA-2013-0687.html\n\nRed Hat Enterprise Linux 6\n\nhttp://rhn.redhat.com/errata/RHSA-2013-0746.html\n\nRed Hat Enterprise Virtualization 3", "sourceIdentifier": "[email protected]"}