CVE-2013-2064 [Medium] | Memory Corruption in Debian Linux

CVE-2013-2064 is rated Moderate Risk (57.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.45%). EPSS rose +1.51% over the last day, indicating growing attacker interest. Review affected assets and schedule remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.94%	2.45%	+1.51%
2	2025-08-02	1.02%	0.94%	-0.07%
3	2025-03-30	—	1.02%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.94%

2.45%

+1.51%

2025-08-02

1.02%

0.94%

-0.07%

2025-03-30

—

1.02%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.6	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.8

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.6

6.4

[email protected]

OS Trackers for CVE-2013-2064

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2013-2064 not yet assigned priority: Debian including 1 source packages (libxcb), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2013-2064
`gentoo`	high	CVE-2013-2064: 1 GLSA(s) (201405-07), 1 atom(s) (x11-base/xorg-server); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-2064
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2013-2064
`suse`	medium	CVE-2013-2064 severity moderate: SUSE including 307 source package names (libxcb-composite0-1.10-1.21, libxcb-composite0-1.10-3.1, …), 653 product×package rows across 43 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (43 product lines)): Fixed 650, Known Not Affected 3.	https://www.suse.com/security/cve/CVE-2013-2064/
`ubuntu`	medium	CVE-2013-2064 medium priority: Ubuntu including 1 source packages (libxcb), 5 status rows across 5 suites (lucid, precise, quantal, raring, upstream): released 4, pending 1.	https://ubuntu.com/security/CVE-2013-2064

Affected software / configurations for CVE-2013-2064

Vendor	Product	Version	Raw CPE
debian	debian_linux	6.0	cpe:2.3:o:debian:debian_linux:6.0:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
oracle	secure_global_desktop	4.71	cpe:2.3:a:oracle:secure_global_desktop:4.71:::::::*
oracle	secure_global_desktop	5.2	cpe:2.3:a:oracle:secure_global_desktop:5.2:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
canonical	ubuntu_linux	13.04	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
fedoraproject	fedora	19	cpe:2.3:o:fedoraproject:fedora:19:::::::*
x	libxcb	<= 1.9	cpe:2.3:a:x:libxcb::::::::
x	libxcb	1.1.90.1	cpe:2.3:a:x:libxcb:1.1.90.1:::::::*
x	libxcb	1.1.91	cpe:2.3:a:x:libxcb:1.1.91:::::::*
x	libxcb	1.1.92	cpe:2.3:a:x:libxcb:1.1.92:::::::*
x	libxcb	1.1.93	cpe:2.3:a:x:libxcb:1.1.93:::::::*
x	libxcb	1.2	cpe:2.3:a:x:libxcb:1.2:::::::*
x	libxcb	1.3	cpe:2.3:a:x:libxcb:1.3:::::::*
x	libxcb	1.4	cpe:2.3:a:x:libxcb:1.4:::::::*
x	libxcb	1.5	cpe:2.3:a:x:libxcb:1.5:::::::*
x	libxcb	1.6	cpe:2.3:a:x:libxcb:1.6:::::::*
x	libxcb	1.7	cpe:2.3:a:x:libxcb:1.7:::::::*
x	libxcb	1.8	cpe:2.3:a:x:libxcb:1.8:::::::*
x	libxcb	1.8.1	cpe:2.3:a:x:libxcb:1.8.1:::::::*

References for CVE-2013-2064

URL	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2686	Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/05/23/3	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Vendor Advisory
http://www.securityfocus.com/bid/60148
http://www.ubuntu.com/usn/USN-1855-1	Third Party Advisory
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

URL

CVE-2013-2064

Exploit prediction scoring system (EPSS) score for CVE-2013-2064

Common vulnerability scoring system (CVSS) metrics for CVE-2013-2064

Weakness enumeration for CVE-2013-2064

OS Trackers for CVE-2013-2064

Affected software / configurations for CVE-2013-2064

References for CVE-2013-2064