First published: Tue Oct 03 2023(Updated: )
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.Org libX11 | <1.8.7 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Fedoraproject Fedora | =38 | |
debian/libx11 | <=2:1.6.7-1+deb10u2 | 2:1.6.7-1+deb10u4 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1 |
redhat/libX11 | <1.8.7 | 1.8.7 |
ubuntu/libx11 | <2:1.6.4-3ubuntu0.4+ | 2:1.6.4-3ubuntu0.4+ |
ubuntu/libx11 | <2:1.6.9-2ubuntu1.6 | 2:1.6.9-2ubuntu1.6 |
ubuntu/libx11 | <2:1.7.5-1ubuntu0.3 | 2:1.7.5-1ubuntu0.3 |
ubuntu/libx11 | <2:1.8.4-2ubuntu0.3 | 2:1.8.4-2ubuntu0.3 |
ubuntu/libx11 | <2:1.8.6-1ubuntu1 | 2:1.8.6-1ubuntu1 |
ubuntu/libx11 | <2:1.8.6-1ubuntu1 | 2:1.8.6-1ubuntu1 |
ubuntu/libx11 | <2:1.6.2-1ubuntu2.1+ | 2:1.6.2-1ubuntu2.1+ |
ubuntu/libx11 | <1.8.7 | 1.8.7 |
ubuntu/libx11 | <2:1.6.3-1ubuntu2.2+ | 2:1.6.3-1ubuntu2.2+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.18.04.2+ | 1:3.5.12-1ubuntu0.18.04.2+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.20.04.2 | 1:3.5.12-1ubuntu0.20.04.2 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.22.04.2 | 1:3.5.12-1ubuntu0.22.04.2 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu0.1 | 1:3.5.12-1.1ubuntu0.1 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu1 | 1:3.5.12-1.1ubuntu1 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu1 | 1:3.5.12-1.1ubuntu1 |
ubuntu/libxpm | <1:3.5.10-1ubuntu0.1+ | 1:3.5.10-1ubuntu0.1+ |
ubuntu/libxpm | <3.5.17 | 3.5.17 |
ubuntu/libxpm | <1:3.5.11-1ubuntu0.16.04.1+ | 1:3.5.11-1ubuntu0.16.04.1+ |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-43786 is a vulnerability in libX11 that allows for stack exhaustion from infinite recursion in PutSubImage().
CVE-2023-43786 affects libX11 versions 1.8.7 and earlier, 2:1.6.9-2ubuntu1.6 and earlier, 2:1.7.5-1ubuntu0.3 and earlier, and 2:1.8.4-2ubuntu0.3 and earlier.
CVE-2023-43786 is considered a serious vulnerability.
More information about CVE-2023-43786 can be found on the MITRE CVE website and the Ubuntu security notices USN-6407-1 and USN-6408-1.
To fix CVE-2023-43786, update to libX11 version 1.8.7 or later, 2:1.6.9-2ubuntu1.6 or later, 2:1.7.5-1ubuntu0.3 or later, or 2:1.8.4-2ubuntu0.3 or later.