List:       oss-security
Subject:    [oss-security] Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3
From:       Alan Coopersmith <alan.coopersmith () oracle ! com>
Date:       2024-01-24 18:29:29
Message-ID: e32d5910-0234-46cd-b7f0-6bb08b3020a6 () oracle ! com

On 10/3/23 09:31, Alan Coopersmith wrote:
> 2) CVE-2023-43786 libX11: stack exhaustion from infinite recursion
>     in PutSubImage()
> 
> Introduced in: X11R2 [released Feb. 1988]
> Fixed in: libX11 1.8.7
> Found by: Yair Mizrahi of the JFrog Vulnerability Research team

> 3) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
>     a heap overflow
> 
> Introduced in: X11R2 [released Feb. 1988]
> Fixed in: libX11 1.8.7
> Found by: Yair Mizrahi of the JFrog Vulnerability Research team
> Fixed by: Yair Mizrahi of the JFrog Vulnerability Research team

Yair Mizrahi has now posted more about these two issues at:

https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

-- 
      -Alan Coopersmith-              alan.coopersmith@oracle.com
        X.Org Security Response Team - xorg-security@lists.x.org