Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for libx11 by x.org

    CVE-2023-43787 (GCVE-0-2023-43787)

    Vulnerability from nvd – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: integer overflow in xcreateimage() leading to a heap overflow
    Summary
    A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.8.7 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:14.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
              },
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43787"
              },
              {
                "name": "RHBZ#2242254",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-29T18:42:49.281830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:50:50.506Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
              "defaultStatus": "unaffected",
              "packageName": "libX11",
              "versions": [
                {
                  "lessThan": "1.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:43.505Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43787"
            },
            {
              "name": "RHBZ#2242254",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: integer overflow in xcreateimage() leading to a heap overflow",
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43787",
        "datePublished": "2023-10-10T12:26:08.102Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:43.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43786 (GCVE-0-2023-43786)

    Vulnerability from nvd – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: stack exhaustion from infinite recursion in putsubimage()
    Summary
    A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.5.17 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:06:07.325768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:57.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:13.867Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
              },
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
              },
              {
                "name": "RHBZ#2242253",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm",
              "defaultStatus": "unaffected",
              "packageName": "libXpm",
              "versions": [
                {
                  "lessThan": "3.5.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:38.283Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
            },
            {
              "name": "RHBZ#2242253",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: stack exhaustion from infinite recursion in putsubimage()",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43786",
        "datePublished": "2023-10-10T12:26:07.399Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:38.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43785 (GCVE-0-2023-43785)

    Vulnerability from nvd – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: out-of-bounds memory access in _xkbreadkeysyms()
    Summary
    A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.8.7 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T15:44:16.523489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:00.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:12.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43785"
              },
              {
                "name": "RHBZ#2242252",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
              "defaultStatus": "unaffected",
              "packageName": "libX11",
              "versions": [
                {
                  "lessThan": "1.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:36.693Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43785"
            },
            {
              "name": "RHBZ#2242252",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: out-of-bounds memory access in _xkbreadkeysyms()",
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43785",
        "datePublished": "2023-10-10T12:26:02.015Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:36.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3138 (GCVE-0-2023-3138)

    Vulnerability from nvd – Published: 2023-06-28 00:00 – Updated: 2024-08-02 06:48
    VLAI
    Summary
    A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libX11 Affected: libX11 1.8.6
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3138"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "libX11 1.8.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T19:06:17.298Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://access.redhat.com/security/cve/CVE-2023-3138"
            },
            {
              "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3138",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2023-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T06:48:07.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31535 (GCVE-0-2021-31535)

    Vulnerability from nvd – Published: 2021-05-27 12:26 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.freedesktop.org/archives/xorg/"
              },
              {
                "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
              },
              {
                "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/52"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
              },
              {
                "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
              },
              {
                "name": "DSA-4920",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4920"
              },
              {
                "name": "GLSA-202105-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202105-16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
              },
              {
                "name": "FEDORA-2021-62bb9998b2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
              },
              {
                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-02T03:07:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.freedesktop.org/archives/xorg/"
            },
            {
              "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
            },
            {
              "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/52"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
            },
            {
              "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
            },
            {
              "name": "DSA-4920",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4920"
            },
            {
              "name": "GLSA-202105-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202105-16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
            },
            {
              "name": "FEDORA-2021-62bb9998b2",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
            },
            {
              "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31535",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt",
                  "refsource": "MISC",
                  "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
                },
                {
                  "name": "https://lists.freedesktop.org/archives/xorg/",
                  "refsource": "MISC",
                  "url": "https://lists.freedesktop.org/archives/xorg/"
                },
                {
                  "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
                },
                {
                  "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/52"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
                },
                {
                  "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
                },
                {
                  "name": "DSA-4920",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4920"
                },
                {
                  "name": "GLSA-202105-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202105-16"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/05/18/3",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/05/18/2",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
                },
                {
                  "name": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/",
                  "refsource": "MISC",
                  "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
                },
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
                },
                {
                  "name": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605",
                  "refsource": "MISC",
                  "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210813-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
                },
                {
                  "name": "FEDORA-2021-62bb9998b2",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
                },
                {
                  "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31535",
        "datePublished": "2021-05-27T12:26:26.000Z",
        "dateReserved": "2021-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14363 (GCVE-0-2020-14363)

    Vulnerability from nvd – Published: 2020-09-11 18:02 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
    Assigner
    Impacted products
    Vendor Product Version
    The X11 Project libX11 Affected: 1.6.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
              },
              {
                "name": "USN-4487-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-2/"
              },
              {
                "name": "FEDORA-2020-cf0afbd27e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "The X11 Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-29T05:13:48.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
            },
            {
              "name": "USN-4487-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-2/"
            },
            {
              "name": "FEDORA-2020-cf0afbd27e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-14363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libX11",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.6.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The X11 Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt",
                  "refsource": "MISC",
                  "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
                },
                {
                  "name": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh",
                  "refsource": "MISC",
                  "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
                },
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
                },
                {
                  "name": "USN-4487-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-2/"
                },
                {
                  "name": "FEDORA-2020-cf0afbd27e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14363",
        "datePublished": "2020-09-11T18:02:24.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14344 (GCVE-0-2020-14344)

    Vulnerability from nvd – Published: 2020-08-05 13:08 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    The X11 Project libX11 Affected: 1.6.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
              },
              {
                "name": "openSUSE-SU-2020:1162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2020:1164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
              },
              {
                "name": "openSUSE-SU-2020:1182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
              },
              {
                "name": "openSUSE-SU-2020:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
              },
              {
                "name": "FEDORA-2020-eba554b9d5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
              },
              {
                "name": "GLSA-202008-18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202008-18"
              },
              {
                "name": "USN-4487-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-1/"
              },
              {
                "name": "FEDORA-2020-9a0b272cc1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
              },
              {
                "name": "USN-4487-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-2/"
              },
              {
                "name": "FEDORA-2020-cf0afbd27e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "The X11 Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-25T18:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
            },
            {
              "name": "openSUSE-SU-2020:1162",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2020:1164",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2020:1182",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2020:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
            },
            {
              "name": "FEDORA-2020-eba554b9d5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
            },
            {
              "name": "GLSA-202008-18",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202008-18"
            },
            {
              "name": "USN-4487-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-1/"
            },
            {
              "name": "FEDORA-2020-9a0b272cc1",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
            },
            {
              "name": "USN-4487-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-2/"
            },
            {
              "name": "FEDORA-2020-cf0afbd27e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-14344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libX11",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.6.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The X11 Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.7/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2020/07/31/1",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
                },
                {
                  "name": "openSUSE-SU-2020:1162",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2020:1164",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
                },
                {
                  "name": "openSUSE-SU-2020:1182",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
                },
                {
                  "name": "openSUSE-SU-2020:1198",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
                },
                {
                  "name": "FEDORA-2020-eba554b9d5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
                },
                {
                  "name": "GLSA-202008-18",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202008-18"
                },
                {
                  "name": "USN-4487-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-1/"
                },
                {
                  "name": "FEDORA-2020-9a0b272cc1",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
                },
                {
                  "name": "USN-4487-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-2/"
                },
                {
                  "name": "FEDORA-2020-cf0afbd27e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14344",
        "datePublished": "2020-08-05T13:08:33.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14600 (GCVE-0-2018-14600)

    Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    https://bugzilla.suse.com/show_bug.cgi?id=1102068 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14600",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102068",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14600",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14599 (GCVE-0-2018-14599)

    Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.suse.com/show_bug.cgi?id=1102062 x_refsource_CONFIRM
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2019-6a756fe3a5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2019-6a756fe3a5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14599",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102062",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2019-6a756fe3a5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14599",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14598 (GCVE-0-2018-14598)

    Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.suse.com/show_bug.cgi?id=1102073 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2019-6a756fe3a5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2019-6a756fe3a5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14598",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102073",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2019-6a756fe3a5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14598",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7943 (GCVE-0-2016-7943)

    Vulnerability from nvd – Published: 2016-12-13 20:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036945 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201704-03 vendor-advisoryx_refsource_GENTOO
    https://lists.x.org/archives/xorg-announce/2016-O… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/4 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/2 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/93362 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    Date Public
    2016-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036945",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036945"
              },
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
              },
              {
                "name": "GLSA-201704-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-03"
              },
              {
                "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
              },
              {
                "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
              },
              {
                "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
              },
              {
                "name": "93362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93362"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2016-0df69ab477",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:44.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "1036945",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
            },
            {
              "name": "GLSA-201704-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            },
            {
              "name": "93362",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93362"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2016-0df69ab477",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-7943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036945",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036945"
                },
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
                },
                {
                  "name": "GLSA-201704-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-03"
                },
                {
                  "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
                },
                {
                  "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
                },
                {
                  "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
                },
                {
                  "name": "93362",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93362"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2016-0df69ab477",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-7943",
        "datePublished": "2016-12-13T20:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7942 (GCVE-0-2016-7942)

    Vulnerability from nvd – Published: 2016-12-13 20:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036945 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201704-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/93363 vdb-entryx_refsource_BID
    https://lists.x.org/archives/xorg-announce/2016-O… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/4 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/2 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    Date Public
    2016-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.749Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036945",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036945"
              },
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "name": "GLSA-201704-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-03"
              },
              {
                "name": "93363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93363"
              },
              {
                "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
              },
              {
                "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
              },
              {
                "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2016-0df69ab477",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:55.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "1036945",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "name": "GLSA-201704-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "93363",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93363"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2016-0df69ab477",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036945",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036945"
                },
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "GLSA-201704-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-03"
                },
                {
                  "name": "93363",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93363"
                },
                {
                  "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
                },
                {
                  "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
                },
                {
                  "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2016-0df69ab477",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-7942",
        "datePublished": "2016-12-13T20:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7439 (GCVE-0-2013-7439)

    Vulnerability from nvd – Published: 2015-04-16 14:00 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2568-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/73962 vdb-entryx_refsource_BID
    http://www.debian.org/security/2015/dsa-3224 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2015/q2/81 mailing-listx_refsource_MLIST
    http://lists.x.org/archives/xorg-announce/2015-Ap… mailing-listx_refsource_MLIST
    https://bugs.freedesktop.org/show_bug.cgi?id=56508 x_refsource_CONFIRM
    Date Public
    2015-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2568-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2568-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
              },
              {
                "name": "73962",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73962"
              },
              {
                "name": "DSA-3224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3224"
              },
              {
                "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q2/81"
              },
              {
                "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2568-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2568-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "73962",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73962"
            },
            {
              "name": "DSA-3224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3224"
            },
            {
              "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q2/81"
            },
            {
              "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2013-7439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2568-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2568-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
                },
                {
                  "name": "73962",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/73962"
                },
                {
                  "name": "DSA-3224",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3224"
                },
                {
                  "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q2/81"
                },
                {
                  "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
                  "refsource": "MLIST",
                  "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=56508",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-7439",
        "datePublished": "2015-04-16T14:00:00.000Z",
        "dateReserved": "2015-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1667 (GCVE-0-2007-1667)

    Vulnerability from nvd – Published: 2007-03-24 21:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/24745 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24771 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24756 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/23300 vdb-entryx_refsource_BID
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://secunia.com/advisories/24739 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://security.gentoo.org/glsa/glsa-200705-06.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24758 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-453-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/usn-481-1 vendor-advisoryx_refsource_UBUNTU
    https://issues.rpath.com/browse/RPL-1211 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2007-0125.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24741 third-party-advisoryx_refsource_SECUNIA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 x_refsource_CONFIRM
    http://secunia.com/advisories/25992 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26177 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-453-2 vendor-advisoryx_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2007/1531 vdb-entryx_refsource_VUPEN
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/24791 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24975 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30161 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2007/dsa-1294 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1017864 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/24765 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/464686/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464816/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25131 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1858 vendor-advisoryx_refsource_DEBIAN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/24953 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1217 vdb-entryx_refsource_VUPEN
    http://www.openbsd.org/errata40.html#011_xorg vendor-advisoryx_refsource_OPENBSD
    https://issues.rpath.com/browse/RPL-1213 x_refsource_CONFIRM
    http://secunia.com/advisories/25004 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25305 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://www.openbsd.org/errata39.html#021_xorg vendor-advisoryx_refsource_OPENBSD
    http://secunia.com/advisories/25112 third-party-advisoryx_refsource_SECUNIA
    http://issues.foresightlinux.org/browse/FL-223 x_refsource_CONFIRM
    http://secunia.com/advisories/36260 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2007-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:25.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
              },
              {
                "name": "24745",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24745"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "24771",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24771"
              },
              {
                "name": "24756",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24756"
              },
              {
                "name": "RHSA-2007:0126",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
              },
              {
                "name": "23300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23300"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "24739",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24739"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "GLSA-200705-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
              },
              {
                "name": "24758",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24758"
              },
              {
                "name": "USN-453-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-453-1"
              },
              {
                "name": "USN-481-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-481-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1211"
              },
              {
                "name": "RHSA-2007:0125",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
              },
              {
                "name": "24741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24741"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
              },
              {
                "name": "25992",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25992"
              },
              {
                "name": "26177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26177"
              },
              {
                "name": "USN-453-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-453-2"
              },
              {
                "name": "ADV-2007-1531",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1531"
              },
              {
                "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
              },
              {
                "name": "24791",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24791"
              },
              {
                "name": "24975",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24975"
              },
              {
                "name": "SUSE-SA:2007:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
              },
              {
                "name": "30161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30161"
              },
              {
                "name": "GLSA-200805-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
              },
              {
                "name": "DSA-1294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1294"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
              },
              {
                "name": "1017864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017864"
              },
              {
                "name": "24765",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24765"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
              },
              {
                "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
              },
              {
                "name": "25131",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25131"
              },
              {
                "name": "DSA-1858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1858"
              },
              {
                "name": "oval:org.mitre.oval:def:9776",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
              },
              {
                "name": "24953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24953"
              },
              {
                "name": "ADV-2007-1217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1217"
              },
              {
                "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/errata40.html#011_xorg"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1213"
              },
              {
                "name": "25004",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25004"
              },
              {
                "name": "MDKSA-2007:147",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
              },
              {
                "name": "25305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25305"
              },
              {
                "name": "oval:org.mitre.oval:def:1693",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/errata39.html#021_xorg"
              },
              {
                "name": "25112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://issues.foresightlinux.org/browse/FL-223"
              },
              {
                "name": "36260",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36260"
              },
              {
                "name": "RHSA-2007:0157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
              },
              {
                "name": "MDKSA-2007:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "102888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
            },
            {
              "name": "24745",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24745"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "24771",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24771"
            },
            {
              "name": "24756",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24756"
            },
            {
              "name": "RHSA-2007:0126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
            },
            {
              "name": "23300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23300"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "24739",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24739"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "GLSA-200705-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
            },
            {
              "name": "24758",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24758"
            },
            {
              "name": "USN-453-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-453-1"
            },
            {
              "name": "USN-481-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-481-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1211"
            },
            {
              "name": "RHSA-2007:0125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
            },
            {
              "name": "24741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24741"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
            },
            {
              "name": "25992",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25992"
            },
            {
              "name": "26177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26177"
            },
            {
              "name": "USN-453-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-453-2"
            },
            {
              "name": "ADV-2007-1531",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1531"
            },
            {
              "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
            },
            {
              "name": "24791",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24791"
            },
            {
              "name": "24975",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24975"
            },
            {
              "name": "SUSE-SA:2007:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
            },
            {
              "name": "30161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "GLSA-200805-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "DSA-1294",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1294"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
            },
            {
              "name": "1017864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017864"
            },
            {
              "name": "24765",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24765"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
            },
            {
              "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
            },
            {
              "name": "25131",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25131"
            },
            {
              "name": "DSA-1858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1858"
            },
            {
              "name": "oval:org.mitre.oval:def:9776",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
            },
            {
              "name": "24953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24953"
            },
            {
              "name": "ADV-2007-1217",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1217"
            },
            {
              "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://www.openbsd.org/errata40.html#011_xorg"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1213"
            },
            {
              "name": "25004",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25004"
            },
            {
              "name": "MDKSA-2007:147",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
            },
            {
              "name": "25305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25305"
            },
            {
              "name": "oval:org.mitre.oval:def:1693",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://www.openbsd.org/errata39.html#021_xorg"
            },
            {
              "name": "25112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://issues.foresightlinux.org/browse/FL-223"
            },
            {
              "name": "36260",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36260"
            },
            {
              "name": "RHSA-2007:0157",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
            },
            {
              "name": "MDKSA-2007:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2007-1667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102888",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
                },
                {
                  "name": "24745",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24745"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "24771",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24771"
                },
                {
                  "name": "24756",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24756"
                },
                {
                  "name": "RHSA-2007:0126",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
                },
                {
                  "name": "23300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23300"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "24739",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24739"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "GLSA-200705-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
                },
                {
                  "name": "24758",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24758"
                },
                {
                  "name": "USN-453-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-453-1"
                },
                {
                  "name": "USN-481-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-481-1"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1211",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1211"
                },
                {
                  "name": "RHSA-2007:0125",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
                },
                {
                  "name": "24741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24741"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
                },
                {
                  "name": "25992",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25992"
                },
                {
                  "name": "26177",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26177"
                },
                {
                  "name": "USN-453-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-453-2"
                },
                {
                  "name": "ADV-2007-1531",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1531"
                },
                {
                  "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
                },
                {
                  "name": "24791",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24791"
                },
                {
                  "name": "24975",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24975"
                },
                {
                  "name": "SUSE-SA:2007:027",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
                },
                {
                  "name": "30161",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30161"
                },
                {
                  "name": "GLSA-200805-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
                },
                {
                  "name": "DSA-1294",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1294"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
                },
                {
                  "name": "1017864",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017864"
                },
                {
                  "name": "24765",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24765"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
                },
                {
                  "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
                },
                {
                  "name": "25131",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25131"
                },
                {
                  "name": "DSA-1858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1858"
                },
                {
                  "name": "oval:org.mitre.oval:def:9776",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
                },
                {
                  "name": "24953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24953"
                },
                {
                  "name": "ADV-2007-1217",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1217"
                },
                {
                  "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://www.openbsd.org/errata40.html#011_xorg"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1213",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1213"
                },
                {
                  "name": "25004",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25004"
                },
                {
                  "name": "MDKSA-2007:147",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
                },
                {
                  "name": "25305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25305"
                },
                {
                  "name": "oval:org.mitre.oval:def:1693",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://www.openbsd.org/errata39.html#021_xorg"
                },
                {
                  "name": "25112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25112"
                },
                {
                  "name": "http://issues.foresightlinux.org/browse/FL-223",
                  "refsource": "CONFIRM",
                  "url": "http://issues.foresightlinux.org/browse/FL-223"
                },
                {
                  "name": "36260",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36260"
                },
                {
                  "name": "RHSA-2007:0157",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
                },
                {
                  "name": "MDKSA-2007:079",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-1667",
        "datePublished": "2007-03-24T21:00:00.000Z",
        "dateReserved": "2007-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:25.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5397 (GCVE-0-2006-5397)

    Vulnerability from nvd – Published: 2006-11-03 00:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22749 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/20845 vdb-entryx_refsource_BID
    https://bugs.freedesktop.org/show_bug.cgi?id=8699 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/4289 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/22642 third-party-advisoryx_refsource_SECUNIA
    http://gitweb.freedesktop.org/?p=xorg/lib/libX11.… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22749",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22749"
              },
              {
                "name": "20845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
              },
              {
                "name": "ADV-2006-4289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4289"
              },
              {
                "name": "22642",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22642"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
              },
              {
                "name": "MDKSA-2006:199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
              },
              {
                "name": "libx11-xinput-information-disclosure(29956)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22749",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22749"
            },
            {
              "name": "20845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
            },
            {
              "name": "ADV-2006-4289",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4289"
            },
            {
              "name": "22642",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22642"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
            },
            {
              "name": "MDKSA-2006:199",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
            },
            {
              "name": "libx11-xinput-information-disclosure(29956)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22749",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22749"
                },
                {
                  "name": "20845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20845"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=8699",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
                },
                {
                  "name": "ADV-2006-4289",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4289"
                },
                {
                  "name": "22642",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22642"
                },
                {
                  "name": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19",
                  "refsource": "CONFIRM",
                  "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
                },
                {
                  "name": "MDKSA-2006:199",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
                },
                {
                  "name": "libx11-xinput-information-disclosure(29956)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5397",
        "datePublished": "2006-11-03T00:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43787 (GCVE-0-2023-43787)

    Vulnerability from cvelistv5 – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: integer overflow in xcreateimage() leading to a heap overflow
    Summary
    A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.8.7 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:14.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
              },
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43787"
              },
              {
                "name": "RHBZ#2242254",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-29T18:42:49.281830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:50:50.506Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
              "defaultStatus": "unaffected",
              "packageName": "libX11",
              "versions": [
                {
                  "lessThan": "1.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:43.505Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43787"
            },
            {
              "name": "RHBZ#2242254",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: integer overflow in xcreateimage() leading to a heap overflow",
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43787",
        "datePublished": "2023-10-10T12:26:08.102Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:43.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43786 (GCVE-0-2023-43786)

    Vulnerability from cvelistv5 – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: stack exhaustion from infinite recursion in putsubimage()
    Summary
    A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.5.17 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:06:07.325768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:57.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:13.867Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
              },
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
              },
              {
                "name": "RHBZ#2242253",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm",
              "defaultStatus": "unaffected",
              "packageName": "libXpm",
              "versions": [
                {
                  "lessThan": "3.5.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:38.283Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43786"
            },
            {
              "name": "RHBZ#2242253",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: stack exhaustion from infinite recursion in putsubimage()",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43786",
        "datePublished": "2023-10-10T12:26:07.399Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:38.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43785 (GCVE-0-2023-43785)

    Vulnerability from cvelistv5 – Published: 2023-10-10 12:26 – Updated: 2025-11-06 22:59
    VLAI
    Title
    Libx11: out-of-bounds memory access in _xkbreadkeysyms()
    Summary
    A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 1.8.7 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.6.8-8.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.7.0-9.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Date Public
    2023-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T15:44:16.523489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:00.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:12.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2145",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2145"
              },
              {
                "name": "RHSA-2024:2973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2973"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-43785"
              },
              {
                "name": "RHBZ#2242252",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0006/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
              "defaultStatus": "unaffected",
              "packageName": "libX11",
              "versions": [
                {
                  "lessThan": "1.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.8-8.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-9.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "libX11",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T22:59:36.693Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2145"
            },
            {
              "name": "RHSA-2024:2973",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2973"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-43785"
            },
            {
              "name": "RHBZ#2242252",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-10-04T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libx11: out-of-bounds memory access in _xkbreadkeysyms()",
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-43785",
        "datePublished": "2023-10-10T12:26:02.015Z",
        "dateReserved": "2023-09-22T09:52:31.108Z",
        "dateUpdated": "2025-11-06T22:59:36.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3138 (GCVE-0-2023-3138)

    Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-08-02 06:48
    VLAI
    Summary
    A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libX11 Affected: libX11 1.8.6
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3138"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "libX11 1.8.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T19:06:17.298Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://access.redhat.com/security/cve/CVE-2023-3138"
            },
            {
              "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3138",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2023-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T06:48:07.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31535 (GCVE-0-2021-31535)

    Vulnerability from cvelistv5 – Published: 2021-05-27 12:26 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.freedesktop.org/archives/xorg/"
              },
              {
                "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
              },
              {
                "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/52"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
              },
              {
                "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
              },
              {
                "name": "DSA-4920",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4920"
              },
              {
                "name": "GLSA-202105-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202105-16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
              },
              {
                "name": "FEDORA-2021-62bb9998b2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
              },
              {
                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-02T03:07:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.freedesktop.org/archives/xorg/"
            },
            {
              "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
            },
            {
              "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/52"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
            },
            {
              "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
            },
            {
              "name": "DSA-4920",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4920"
            },
            {
              "name": "GLSA-202105-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202105-16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
            },
            {
              "name": "FEDORA-2021-62bb9998b2",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
            },
            {
              "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31535",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt",
                  "refsource": "MISC",
                  "url": "https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
                },
                {
                  "name": "https://lists.freedesktop.org/archives/xorg/",
                  "refsource": "MISC",
                  "url": "https://lists.freedesktop.org/archives/xorg/"
                },
                {
                  "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
                },
                {
                  "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/52"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
                },
                {
                  "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
                },
                {
                  "name": "DSA-4920",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4920"
                },
                {
                  "name": "GLSA-202105-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202105-16"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/05/18/3",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/05/18/3"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/05/18/2",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"
                },
                {
                  "name": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/",
                  "refsource": "MISC",
                  "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
                },
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
                },
                {
                  "name": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605",
                  "refsource": "MISC",
                  "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210813-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210813-0001/"
                },
                {
                  "name": "FEDORA-2021-62bb9998b2",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
                },
                {
                  "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31535",
        "datePublished": "2021-05-27T12:26:26.000Z",
        "dateReserved": "2021-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14363 (GCVE-0-2020-14363)

    Vulnerability from cvelistv5 – Published: 2020-09-11 18:02 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
    Assigner
    Impacted products
    Vendor Product Version
    The X11 Project libX11 Affected: 1.6.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
              },
              {
                "name": "USN-4487-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-2/"
              },
              {
                "name": "FEDORA-2020-cf0afbd27e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "The X11 Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-29T05:13:48.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
            },
            {
              "name": "USN-4487-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-2/"
            },
            {
              "name": "FEDORA-2020-cf0afbd27e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-14363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libX11",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.6.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The X11 Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt",
                  "refsource": "MISC",
                  "url": "https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"
                },
                {
                  "name": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh",
                  "refsource": "MISC",
                  "url": "https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"
                },
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363"
                },
                {
                  "name": "USN-4487-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-2/"
                },
                {
                  "name": "FEDORA-2020-cf0afbd27e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14363",
        "datePublished": "2020-09-11T18:02:24.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14344 (GCVE-0-2020-14344)

    Vulnerability from cvelistv5 – Published: 2020-08-05 13:08 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    The X11 Project libX11 Affected: 1.6.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
              },
              {
                "name": "openSUSE-SU-2020:1162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2020:1164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
              },
              {
                "name": "openSUSE-SU-2020:1182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
              },
              {
                "name": "openSUSE-SU-2020:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
              },
              {
                "name": "FEDORA-2020-eba554b9d5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
              },
              {
                "name": "GLSA-202008-18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202008-18"
              },
              {
                "name": "USN-4487-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-1/"
              },
              {
                "name": "FEDORA-2020-9a0b272cc1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
              },
              {
                "name": "USN-4487-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4487-2/"
              },
              {
                "name": "FEDORA-2020-cf0afbd27e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libX11",
              "vendor": "The X11 Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-25T18:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
            },
            {
              "name": "openSUSE-SU-2020:1162",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2020:1164",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2020:1182",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2020:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
            },
            {
              "name": "FEDORA-2020-eba554b9d5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
            },
            {
              "name": "GLSA-202008-18",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202008-18"
            },
            {
              "name": "USN-4487-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-1/"
            },
            {
              "name": "FEDORA-2020-9a0b272cc1",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
            },
            {
              "name": "USN-4487-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4487-2/"
            },
            {
              "name": "FEDORA-2020-cf0afbd27e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-14344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libX11",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.6.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The X11 Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.7/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html",
                  "refsource": "MISC",
                  "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2020/07/31/1",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344"
                },
                {
                  "name": "openSUSE-SU-2020:1162",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2020:1164",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"
                },
                {
                  "name": "openSUSE-SU-2020:1182",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"
                },
                {
                  "name": "openSUSE-SU-2020:1198",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"
                },
                {
                  "name": "FEDORA-2020-eba554b9d5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"
                },
                {
                  "name": "GLSA-202008-18",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202008-18"
                },
                {
                  "name": "USN-4487-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-1/"
                },
                {
                  "name": "FEDORA-2020-9a0b272cc1",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"
                },
                {
                  "name": "USN-4487-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4487-2/"
                },
                {
                  "name": "FEDORA-2020-cf0afbd27e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14344",
        "datePublished": "2020-08-05T13:08:33.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14598 (GCVE-0-2018-14598)

    Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.suse.com/show_bug.cgi?id=1102073 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2019-6a756fe3a5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2019-6a756fe3a5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14598",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102073",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2019-6a756fe3a5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14598",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14599 (GCVE-0-2018-14599)

    Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.suse.com/show_bug.cgi?id=1102062 x_refsource_CONFIRM
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2019-6a756fe3a5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2019-6a756fe3a5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14599",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102062",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2019-6a756fe3a5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14599",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14600 (GCVE-0-2018-14600)

    Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201811-01 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/105177 vdb-entryx_refsource_BID
    https://bugzilla.suse.com/show_bug.cgi?id=1102068 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2018/08/21/6 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1041543 vdb-entryx_refsource_SECTRACK
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://lists.x.org/archives/xorg-announce/2018-A… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2079 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "name": "GLSA-201811-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-01"
              },
              {
                "name": "105177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
              },
              {
                "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
              },
              {
                "name": "1041543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041543"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
              },
              {
                "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
              },
              {
                "name": "[xorg-announce] 20180821 libX11 1.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "RHSA-2019:2079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "name": "GLSA-201811-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-01"
            },
            {
              "name": "105177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
            },
            {
              "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
            },
            {
              "name": "1041543",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041543"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
            },
            {
              "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
            },
            {
              "name": "[xorg-announce] 20180821 libX11 1.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "RHSA-2019:2079",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-14600",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "GLSA-201811-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-01"
                },
                {
                  "name": "105177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105177"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102068",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
                },
                {
                  "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
                },
                {
                  "name": "1041543",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041543"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
                },
                {
                  "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
                },
                {
                  "name": "[xorg-announce] 20180821 libX11 1.6.6",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "RHSA-2019:2079",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-14600",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7943 (GCVE-0-2016-7943)

    Vulnerability from cvelistv5 – Published: 2016-12-13 20:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036945 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201704-03 vendor-advisoryx_refsource_GENTOO
    https://lists.x.org/archives/xorg-announce/2016-O… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/4 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/2 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/93362 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    Date Public
    2016-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036945",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036945"
              },
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
              },
              {
                "name": "GLSA-201704-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-03"
              },
              {
                "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
              },
              {
                "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
              },
              {
                "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
              },
              {
                "name": "93362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93362"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2016-0df69ab477",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:44.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "1036945",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
            },
            {
              "name": "GLSA-201704-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            },
            {
              "name": "93362",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93362"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2016-0df69ab477",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-7943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036945",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036945"
                },
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
                },
                {
                  "name": "GLSA-201704-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-03"
                },
                {
                  "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
                },
                {
                  "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
                },
                {
                  "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
                },
                {
                  "name": "93362",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93362"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2016-0df69ab477",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-7943",
        "datePublished": "2016-12-13T20:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7942 (GCVE-0-2016-7942)

    Vulnerability from cvelistv5 – Published: 2016-12-13 20:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036945 vdb-entryx_refsource_SECTRACK
    https://usn.ubuntu.com/3758-2/ vendor-advisoryx_refsource_UBUNTU
    https://security.gentoo.org/glsa/201704-03 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/93363 vdb-entryx_refsource_BID
    https://lists.x.org/archives/xorg-announce/2016-O… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/4 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2016/10/04/2 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3758-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://cgit.freedesktop.org/xorg/lib/libX11/comm… x_refsource_CONFIRM
    Date Public
    2016-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.749Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036945",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036945"
              },
              {
                "name": "USN-3758-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-2/"
              },
              {
                "name": "GLSA-201704-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-03"
              },
              {
                "name": "93363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93363"
              },
              {
                "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
              },
              {
                "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
              },
              {
                "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
              },
              {
                "name": "USN-3758-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3758-1/"
              },
              {
                "name": "FEDORA-2016-0df69ab477",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:55.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "1036945",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036945"
            },
            {
              "name": "USN-3758-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-2/"
            },
            {
              "name": "GLSA-201704-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-03"
            },
            {
              "name": "93363",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93363"
            },
            {
              "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
            },
            {
              "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
            },
            {
              "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
            },
            {
              "name": "USN-3758-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3758-1/"
            },
            {
              "name": "FEDORA-2016-0df69ab477",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036945",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036945"
                },
                {
                  "name": "USN-3758-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-2/"
                },
                {
                  "name": "GLSA-201704-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-03"
                },
                {
                  "name": "93363",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93363"
                },
                {
                  "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
                },
                {
                  "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
                },
                {
                  "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
                },
                {
                  "name": "USN-3758-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3758-1/"
                },
                {
                  "name": "FEDORA-2016-0df69ab477",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
                },
                {
                  "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17",
                  "refsource": "CONFIRM",
                  "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-7942",
        "datePublished": "2016-12-13T20:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7439 (GCVE-0-2013-7439)

    Vulnerability from cvelistv5 – Published: 2015-04-16 14:00 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2568-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/73962 vdb-entryx_refsource_BID
    http://www.debian.org/security/2015/dsa-3224 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2015/q2/81 mailing-listx_refsource_MLIST
    http://lists.x.org/archives/xorg-announce/2015-Ap… mailing-listx_refsource_MLIST
    https://bugs.freedesktop.org/show_bug.cgi?id=56508 x_refsource_CONFIRM
    Date Public
    2015-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2568-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2568-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
              },
              {
                "name": "73962",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/73962"
              },
              {
                "name": "DSA-3224",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3224"
              },
              {
                "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q2/81"
              },
              {
                "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "USN-2568-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2568-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "73962",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/73962"
            },
            {
              "name": "DSA-3224",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3224"
            },
            {
              "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q2/81"
            },
            {
              "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2013-7439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2568-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2568-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
                },
                {
                  "name": "73962",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/73962"
                },
                {
                  "name": "DSA-3224",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3224"
                },
                {
                  "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q2/81"
                },
                {
                  "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro",
                  "refsource": "MLIST",
                  "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=56508",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-7439",
        "datePublished": "2015-04-16T14:00:00.000Z",
        "dateReserved": "2015-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1667 (GCVE-0-2007-1667)

    Vulnerability from cvelistv5 – Published: 2007-03-24 21:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/24745 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24771 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24756 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/23300 vdb-entryx_refsource_BID
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://secunia.com/advisories/24739 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://security.gentoo.org/glsa/glsa-200705-06.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24758 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-453-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/usn-481-1 vendor-advisoryx_refsource_UBUNTU
    https://issues.rpath.com/browse/RPL-1211 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2007-0125.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24741 third-party-advisoryx_refsource_SECUNIA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 x_refsource_CONFIRM
    http://secunia.com/advisories/25992 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26177 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-453-2 vendor-advisoryx_refsource_UBUNTU
    http://www.vupen.com/english/advisories/2007/1531 vdb-entryx_refsource_VUPEN
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/24791 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24975 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30161 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    http://www.debian.org/security/2007/dsa-1294 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1017864 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/24765 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/464686/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/464816/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25131 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1858 vendor-advisoryx_refsource_DEBIAN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/24953 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1217 vdb-entryx_refsource_VUPEN
    http://www.openbsd.org/errata40.html#011_xorg vendor-advisoryx_refsource_OPENBSD
    https://issues.rpath.com/browse/RPL-1213 x_refsource_CONFIRM
    http://secunia.com/advisories/25004 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25305 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://www.openbsd.org/errata39.html#021_xorg vendor-advisoryx_refsource_OPENBSD
    http://secunia.com/advisories/25112 third-party-advisoryx_refsource_SECUNIA
    http://issues.foresightlinux.org/browse/FL-223 x_refsource_CONFIRM
    http://secunia.com/advisories/36260 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2007-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:25.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
              },
              {
                "name": "24745",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24745"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "24771",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24771"
              },
              {
                "name": "24756",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24756"
              },
              {
                "name": "RHSA-2007:0126",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
              },
              {
                "name": "23300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23300"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "24739",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24739"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "GLSA-200705-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
              },
              {
                "name": "24758",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24758"
              },
              {
                "name": "USN-453-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-453-1"
              },
              {
                "name": "USN-481-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-481-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1211"
              },
              {
                "name": "RHSA-2007:0125",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
              },
              {
                "name": "24741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24741"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
              },
              {
                "name": "25992",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25992"
              },
              {
                "name": "26177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26177"
              },
              {
                "name": "USN-453-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-453-2"
              },
              {
                "name": "ADV-2007-1531",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1531"
              },
              {
                "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
              },
              {
                "name": "24791",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24791"
              },
              {
                "name": "24975",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24975"
              },
              {
                "name": "SUSE-SA:2007:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
              },
              {
                "name": "30161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30161"
              },
              {
                "name": "GLSA-200805-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
              },
              {
                "name": "DSA-1294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1294"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
              },
              {
                "name": "1017864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017864"
              },
              {
                "name": "24765",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24765"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
              },
              {
                "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
              },
              {
                "name": "25131",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25131"
              },
              {
                "name": "DSA-1858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1858"
              },
              {
                "name": "oval:org.mitre.oval:def:9776",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
              },
              {
                "name": "24953",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24953"
              },
              {
                "name": "ADV-2007-1217",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1217"
              },
              {
                "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/errata40.html#011_xorg"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1213"
              },
              {
                "name": "25004",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25004"
              },
              {
                "name": "MDKSA-2007:147",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
              },
              {
                "name": "25305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25305"
              },
              {
                "name": "oval:org.mitre.oval:def:1693",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/errata39.html#021_xorg"
              },
              {
                "name": "25112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://issues.foresightlinux.org/browse/FL-223"
              },
              {
                "name": "36260",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36260"
              },
              {
                "name": "RHSA-2007:0157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
              },
              {
                "name": "MDKSA-2007:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "102888",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
            },
            {
              "name": "24745",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24745"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "24771",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24771"
            },
            {
              "name": "24756",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24756"
            },
            {
              "name": "RHSA-2007:0126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
            },
            {
              "name": "23300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23300"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "24739",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24739"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "GLSA-200705-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
            },
            {
              "name": "24758",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24758"
            },
            {
              "name": "USN-453-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-453-1"
            },
            {
              "name": "USN-481-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-481-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1211"
            },
            {
              "name": "RHSA-2007:0125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
            },
            {
              "name": "24741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24741"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
            },
            {
              "name": "25992",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25992"
            },
            {
              "name": "26177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26177"
            },
            {
              "name": "USN-453-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-453-2"
            },
            {
              "name": "ADV-2007-1531",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1531"
            },
            {
              "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
            },
            {
              "name": "24791",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24791"
            },
            {
              "name": "24975",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24975"
            },
            {
              "name": "SUSE-SA:2007:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
            },
            {
              "name": "30161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "GLSA-200805-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "DSA-1294",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1294"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
            },
            {
              "name": "1017864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017864"
            },
            {
              "name": "24765",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24765"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
            },
            {
              "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
            },
            {
              "name": "25131",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25131"
            },
            {
              "name": "DSA-1858",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1858"
            },
            {
              "name": "oval:org.mitre.oval:def:9776",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
            },
            {
              "name": "24953",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24953"
            },
            {
              "name": "ADV-2007-1217",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1217"
            },
            {
              "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://www.openbsd.org/errata40.html#011_xorg"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1213"
            },
            {
              "name": "25004",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25004"
            },
            {
              "name": "MDKSA-2007:147",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
            },
            {
              "name": "25305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25305"
            },
            {
              "name": "oval:org.mitre.oval:def:1693",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_OPENBSD"
              ],
              "url": "http://www.openbsd.org/errata39.html#021_xorg"
            },
            {
              "name": "25112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://issues.foresightlinux.org/browse/FL-223"
            },
            {
              "name": "36260",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36260"
            },
            {
              "name": "RHSA-2007:0157",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
            },
            {
              "name": "MDKSA-2007:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2007-1667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102888",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-176.htm"
                },
                {
                  "name": "24745",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24745"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "24771",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24771"
                },
                {
                  "name": "24756",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24756"
                },
                {
                  "name": "RHSA-2007:0126",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
                },
                {
                  "name": "23300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23300"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "24739",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24739"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "GLSA-200705-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200705-06.xml"
                },
                {
                  "name": "24758",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24758"
                },
                {
                  "name": "USN-453-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-453-1"
                },
                {
                  "name": "USN-481-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-481-1"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1211",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1211"
                },
                {
                  "name": "RHSA-2007:0125",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
                },
                {
                  "name": "24741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24741"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045"
                },
                {
                  "name": "25992",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25992"
                },
                {
                  "name": "26177",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26177"
                },
                {
                  "name": "USN-453-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-453-2"
                },
                {
                  "name": "ADV-2007-1531",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1531"
                },
                {
                  "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
                },
                {
                  "name": "24791",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24791"
                },
                {
                  "name": "24975",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24975"
                },
                {
                  "name": "SUSE-SA:2007:027",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
                },
                {
                  "name": "30161",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30161"
                },
                {
                  "name": "GLSA-200805-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
                },
                {
                  "name": "DSA-1294",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1294"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231684"
                },
                {
                  "name": "1017864",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017864"
                },
                {
                  "name": "24765",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24765"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
                },
                {
                  "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
                },
                {
                  "name": "25131",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25131"
                },
                {
                  "name": "DSA-1858",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1858"
                },
                {
                  "name": "oval:org.mitre.oval:def:9776",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776"
                },
                {
                  "name": "24953",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24953"
                },
                {
                  "name": "ADV-2007-1217",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1217"
                },
                {
                  "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://www.openbsd.org/errata40.html#011_xorg"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1213",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1213"
                },
                {
                  "name": "25004",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25004"
                },
                {
                  "name": "MDKSA-2007:147",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147"
                },
                {
                  "name": "25305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25305"
                },
                {
                  "name": "oval:org.mitre.oval:def:1693",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
                  "refsource": "OPENBSD",
                  "url": "http://www.openbsd.org/errata39.html#021_xorg"
                },
                {
                  "name": "25112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25112"
                },
                {
                  "name": "http://issues.foresightlinux.org/browse/FL-223",
                  "refsource": "CONFIRM",
                  "url": "http://issues.foresightlinux.org/browse/FL-223"
                },
                {
                  "name": "36260",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36260"
                },
                {
                  "name": "RHSA-2007:0157",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0157.html"
                },
                {
                  "name": "MDKSA-2007:079",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-1667",
        "datePublished": "2007-03-24T21:00:00.000Z",
        "dateReserved": "2007-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:25.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5397 (GCVE-0-2006-5397)

    Vulnerability from cvelistv5 – Published: 2006-11-03 00:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22749 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/20845 vdb-entryx_refsource_BID
    https://bugs.freedesktop.org/show_bug.cgi?id=8699 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/4289 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/22642 third-party-advisoryx_refsource_SECUNIA
    http://gitweb.freedesktop.org/?p=xorg/lib/libX11.… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22749",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22749"
              },
              {
                "name": "20845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
              },
              {
                "name": "ADV-2006-4289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4289"
              },
              {
                "name": "22642",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22642"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
              },
              {
                "name": "MDKSA-2006:199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
              },
              {
                "name": "libx11-xinput-information-disclosure(29956)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22749",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22749"
            },
            {
              "name": "20845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
            },
            {
              "name": "ADV-2006-4289",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4289"
            },
            {
              "name": "22642",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22642"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
            },
            {
              "name": "MDKSA-2006:199",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
            },
            {
              "name": "libx11-xinput-information-disclosure(29956)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22749",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22749"
                },
                {
                  "name": "20845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20845"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=8699",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=8699"
                },
                {
                  "name": "ADV-2006-4289",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4289"
                },
                {
                  "name": "22642",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22642"
                },
                {
                  "name": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19",
                  "refsource": "CONFIRM",
                  "url": "http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19"
                },
                {
                  "name": "MDKSA-2006:199",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:199"
                },
                {
                  "name": "libx11-xinput-information-disclosure(29956)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29956"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5397",
        "datePublished": "2006-11-03T00:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }