INFSA-2024:2973: libX11 security update
Information about definition
Identifier: INFSA-2024:2973
Type: security
Release date: 2024-08-23 19:54:55 UTC
Information about package
The libX11 packages contain the core X11 protocol client library.
Vulnerabilities description
- CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
- CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
- CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2023-43785 | no information | 6.5 | no information |
NIST — CVE-2023-43786 | no information | 5.5 | no information |
NIST — CVE-2023-43787 | no information | 7.8 | no information |
Updated packages