List: oss-security
Subject: [oss-security] Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2024-01-24 18:29:29
Message-ID: e32d5910-0234-46cd-b7f0-6bb08b3020a6 () oracle ! com
On 10/3/23 09:31, Alan Coopersmith wrote:
> 2) CVE-2023-43786 libX11: stack exhaustion from infinite recursion
> in PutSubImage()
>
> Introduced in: X11R2 [released Feb. 1988]
> Fixed in: libX11 1.8.7
> Found by: Yair Mizrahi of the JFrog Vulnerability Research team
>
> 3) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
> a heap overflow
>
> Introduced in: X11R2 [released Feb. 1988]
> Fixed in: libX11 1.8.7
> Found by: Yair Mizrahi of the JFrog Vulnerability Research team
> Fixed by: Yair Mizrahi of the JFrog Vulnerability Research team

Yair Mizrahi has now posted more about these two issues at:
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
--
-Alan Coopersmith- alan.coopersmith@oracle.com
X.Org Security Response Team - xorg-security@lists.x.org