Ubuntu has issued an advisory on December 3:
A CVE was requested and granted for this issue:
The issue is already fixed upstream in the pixman version in Cauldron.
Note to QA: there's a PoC in the launchpad bug. Beware, it crashes the X server.
Updated pixman packages fix security vulnerability:
Bryan Quigley discovered an integer underflow in pixman. If a user were
tricked into opening a specially crafted file, an attacker could cause a
denial of service via application crash (CVE-2013-6425).
Updated packages in core/updates_testing:
Steps to Reproduce:
CC'ing Thierry. Thierry, please have a look at this also, since there's also CVE-2013-6424 for Xorg and patches for that. Here's the oss-sec thread:
The Launchpad bug has more info which may be of interest as well:
Poc file available at
Advisory 11874.adv committed to svn.
Testing complete on Mageia 3 i586 and x86_64. Validating the update.
Someone from the sysadmin team please push 11874.adv to updates.
LWN has posted the reference for this, with a new page since the Ubuntu one didn't list a CVE. I let them know and imagine they'll combine them soon: