What is CVE-2020-14363?

CVE-2020-14363 is a vulnerability in X.Org libX11 that can be exploited by a local privileged attacker to crash an application or execute arbitrary code.

What is the severity of CVE-2020-14363?

The severity of CVE-2020-14363 is high with a CVSS score of 7.8.

How does CVE-2020-14363 affect X.Org libX11?

CVE-2020-14363 affects X.Org libX11 by causing a denial of service or allowing arbitrary code execution.

Which software versions are affected by CVE-2020-14363?

The affected software versions include libX11 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, and 2:1.8.7-1.

How can I fix CVE-2020-14363?

To fix CVE-2020-14363, update your libX11 software to versions 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, or 2:1.8.7-1.

Vulnerability/
CVE-2020-14363

high

7.8

CWE

190 416 415

25/8/2020

7/11/2023

CVE-2020-14363: Integer Overflow

First published: Tue Aug 25 2020(Updated: )

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
X.Org libX11	<1.6.12
Fedoraproject Fedora	=33
IBM Cloud Pak for Security (CP4S)	<=1.7.2.0
IBM Cloud Pak for Security (CP4S)	<=1.7.1.0
IBM Cloud Pak for Security (CP4S)	<=1.7.0.0
redhat/libX11	<1.6.12	1.6.12
ubuntu/libx11	<2:1.6.4-3ubuntu0.3	2:1.6.4-3ubuntu0.3
ubuntu/libx11	<2:1.6.9-2ubuntu1.1	2:1.6.9-2ubuntu1.1
ubuntu/libx11	<2:1.6.3-1ubuntu2.2	2:1.6.3-1ubuntu2.2
ubuntu/libx11	<2:1.6.2-1ubuntu2.1+	2:1.6.2-1ubuntu2.1+
debian/libx11		2:1.6.7-1+deb10u2 2:1.6.7-1+deb10u4 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1

Remedy

https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2020-14363?
CVE-2020-14363 is a vulnerability in X.Org libX11 that can be exploited by a local privileged attacker to crash an application or execute arbitrary code.
What is the severity of CVE-2020-14363?
The severity of CVE-2020-14363 is high with a CVSS score of 7.8.
How does CVE-2020-14363 affect X.Org libX11?
CVE-2020-14363 affects X.Org libX11 by causing a denial of service or allowing arbitrary code execution.
Which software versions are affected by CVE-2020-14363?
The affected software versions include libX11 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, and 2:1.8.7-1.
How can I fix CVE-2020-14363?
To fix CVE-2020-14363, update your libX11 software to versions 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, or 2:1.8.7-1.

collector/nvd-index
collector/ibm-support
agent/type
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-14363
agent/software-canonical-lookup
agent/remedy
agent/severity
agent/references
collector/nvd-cve
source/NVD
agent/tags
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/weakness
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/x.org
canonical/x.org libx11
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
vendor/ibm
canonical/ibm cloud pak for security (cp4s)
version/ibm cloud pak for security (cp4s)/1.7.2.0
version/ibm cloud pak for security (cp4s)/1.7.1.0
version/ibm cloud pak for security (cp4s)/1.7.0.0
package-manager/redhat
package-manager/debian
package-manager/ubuntu