What is CVE-2020-14363?

CVE-2020-14363 is a vulnerability in X.Org libX11 that can be exploited by a local privileged attacker to crash an application or execute arbitrary code.

What is the severity of CVE-2020-14363?

The severity of CVE-2020-14363 is high with a CVSS score of 7.8.

How does CVE-2020-14363 affect X.Org libX11?

CVE-2020-14363 affects X.Org libX11 by causing a denial of service or allowing arbitrary code execution.

Which software versions are affected by CVE-2020-14363?

The affected software versions include libX11 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, and 2:1.8.7-1.

How can I fix CVE-2020-14363?

To fix CVE-2020-14363, update your libX11 software to versions 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, or 2:1.8.7-1.

Vulnerability/
CVE-2020-14363

high

7.8

CWE

190 416 415

25/8/2020

11/9/2020

20/12/2024

CVE-2020-14363: Integer Overflow

First published: Tue Aug 25 2020(Updated: )

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
X.Org libX11	<1.6.12
Fedoraproject Fedora	=33
redhat/libX11	<1.6.12	1.6.12
IBM Cloud Pak for Security (CP4S)	<=1.7.2.0
IBM Cloud Pak for Security (CP4S)	<=1.7.1.0
IBM Cloud Pak for Security (CP4S)	<=1.7.0.0
debian/libx11		2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.10-2

Remedy

https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6493729

Frequently Asked Questions

What is CVE-2020-14363?
CVE-2020-14363 is a vulnerability in X.Org libX11 that can be exploited by a local privileged attacker to crash an application or execute arbitrary code.
What is the severity of CVE-2020-14363?
The severity of CVE-2020-14363 is high with a CVSS score of 7.8.
How does CVE-2020-14363 affect X.Org libX11?
CVE-2020-14363 affects X.Org libX11 by causing a denial of service or allowing arbitrary code execution.
Which software versions are affected by CVE-2020-14363?
The affected software versions include libX11 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, and 2:1.8.7-1.
How can I fix CVE-2020-14363?
To fix CVE-2020-14363, update your libX11 software to versions 2:1.6.7-1+deb10u2, 2:1.6.7-1+deb10u4, 2:1.7.2-1+deb11u1, 2:1.7.2-1+deb11u2, 2:1.8.4-2+deb12u1, 2:1.8.4-2+deb12u2, or 2:1.8.7-1.

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-14363
agent/software-canonical-lookup
agent/remedy
agent/weakness
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/severity
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/first-publish-date
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
vendor/x.org
canonical/x.org libx11
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
package-manager/redhat
vendor/ibm
canonical/ibm cloud pak for security (cp4s)
version/ibm cloud pak for security (cp4s)/1.7.2.0
version/ibm cloud pak for security (cp4s)/1.7.1.0
version/ibm cloud pak for security (cp4s)/1.7.0.0
package-manager/debian