oss-sec mailing list archives
Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 24 Jan 2024 10:29:29 -0800
On 10/3/23 09:31, Alan Coopersmith wrote:
2) CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
Introduced in: X11R2 [released Feb. 1988]
Fixed in: libX11 1.8.7
Found by: Yair Mizrahi of the JFrog Vulnerability Research team

3) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
Introduced in: X11R2 [released Feb. 1988]
Fixed in: libX11 1.8.7
Found by: Yair Mizrahi of the JFrog Vulnerability Research team
Fixed by: Yair Mizrahi of the JFrog Vulnerability Research team

Yair Mizrahi has now posted more about these two issues at:

https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

--
-Alan Coopersmith- alan.coopersmith () oracle com
X.Org Security Response Team - xorg-security () lists x org