oss-sec mailing list archives

Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 24 Jan 2024 10:29:29 -0800

On 10/3/23 09:31, Alan Coopersmith wrote:
2) CVE-2023-43786 libX11: stack exhaustion from infinite recursion
    in PutSubImage()

Introduced in: X11R2 [released Feb. 1988]
Fixed in: libX11 1.8.7
Found by: Yair Mizrahi of the JFrog Vulnerability Research team

3) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
    a heap overflow

Introduced in: X11R2 [released Feb. 1988]
Fixed in: libX11 1.8.7
Found by: Yair Mizrahi of the JFrog Vulnerability Research team
Fixed by: Yair Mizrahi of the JFrog Vulnerability Research team

Yair Mizrahi has now posted more about these two issues at:

https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

--
     -Alan Coopersmith-              alan.coopersmith () oracle com
       X.Org Security Response Team - xorg-security () lists x org
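The third item above is the classic pattern of an image-size computation wrapping in fixed-width arithmetic so that a buffer smaller than the pixel data gets allocated. As an added illustration that is not libX11 code and does not reproduce the XCreateImage() logic, the constructed C below contrasts a naive size computation (unsigned int arithmetic that wraps silently) with a checked variant that refuses any width/height/bits-per-pixel combination whose intermediate products would overflow. The function names, the 32-bit depth cap and the sample dimensions are assumptions chosen for the demonstration.

```c
#include <stddef.h>
#include <limits.h>

/* Hypothetical checked image-size computation (not the libX11 routine).
 * Computes ((width * bits_per_pixel + 7) / 8) * height in size_t arithmetic,
 * stores the byte count in *out and returns 0, or returns -1 if any step
 * would overflow or the inputs are out of the assumed range. */
int checked_image_size(unsigned int width, unsigned int height,
                       unsigned int bits_per_pixel, size_t *out)
{
    size_t row_bits, row_bytes, total;

    /* Reject degenerate inputs and depths above the assumed 32 bpp maximum. */
    if (width == 0 || height == 0 || bits_per_pixel == 0 || bits_per_pixel > 32)
        return -1;

    /* width * bits_per_pixel: bits in one scanline before byte rounding. */
    if (__builtin_mul_overflow((size_t)width, (size_t)bits_per_pixel, &row_bits))
        return -1;

    /* Round up to whole bytes; even the "+ 7" is checked so a value near
     * SIZE_MAX cannot wrap to a tiny row. */
    if (__builtin_add_overflow(row_bits, (size_t)7, &row_bits))
        return -1;
    row_bytes = row_bits / 8;

    /* Bytes per row times number of rows gives the allocation size. */
    if (__builtin_mul_overflow(row_bytes, (size_t)height, &total))
        return -1;

    *out = total;
    return 0;
}

/* Naive variant kept only to show what the check prevents: every operation
 * is done in unsigned int, so a large product wraps modulo 2^32 and the
 * caller would allocate far less than the pixel data needs. */
unsigned int naive_image_size(unsigned int width, unsigned int height,
                              unsigned int bits_per_pixel)
{
    return ((width * bits_per_pixel + 7) / 8) * height;
}
```

With 1024x768 at 32 bpp both functions agree on 3145728 bytes; with 65536x65536 at 32 bpp the naive version wraps to 0 (the true size is 2^34 bytes), which is exactly the undersized allocation that later turns into a heap overflow when the image is written, while the checked version either returns the correct size or reports -1 on platforms where size_t cannot hold it.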