First published: Tue Oct 03 2023(Updated: )
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.Org libX11 | <1.8.7 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Fedoraproject Fedora | =38 | |
debian/libx11 | <=2:1.6.7-1+deb10u2 | 2:1.6.7-1+deb10u4 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1 |
redhat/libX11 | <1.8.7 | 1.8.7 |
ubuntu/libx11 | <2:1.6.4-3ubuntu0.4+ | 2:1.6.4-3ubuntu0.4+ |
ubuntu/libx11 | <2:1.6.9-2ubuntu1.6 | 2:1.6.9-2ubuntu1.6 |
ubuntu/libx11 | <2:1.7.5-1ubuntu0.3 | 2:1.7.5-1ubuntu0.3 |
ubuntu/libx11 | <2:1.8.4-2ubuntu0.3 | 2:1.8.4-2ubuntu0.3 |
ubuntu/libx11 | <2:1.8.6-1ubuntu1 | 2:1.8.6-1ubuntu1 |
ubuntu/libx11 | <2:1.8.6-1ubuntu1 | 2:1.8.6-1ubuntu1 |
ubuntu/libx11 | <2:1.6.2-1ubuntu2.1+ | 2:1.6.2-1ubuntu2.1+ |
ubuntu/libx11 | <1.8.7 | 1.8.7 |
ubuntu/libx11 | <2:1.6.3-1ubuntu2.2+ | 2:1.6.3-1ubuntu2.2+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.18.04.2+ | 1:3.5.12-1ubuntu0.18.04.2+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.20.04.2 | 1:3.5.12-1ubuntu0.20.04.2 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.22.04.2 | 1:3.5.12-1ubuntu0.22.04.2 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu0.1 | 1:3.5.12-1.1ubuntu0.1 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu1 | 1:3.5.12-1.1ubuntu1 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu1 | 1:3.5.12-1.1ubuntu1 |
ubuntu/libxpm | <1:3.5.10-1ubuntu0.1+ | 1:3.5.10-1ubuntu0.1+ |
ubuntu/libxpm | <3.5.17 | 3.5.17 |
ubuntu/libxpm | <1:3.5.11-1ubuntu0.16.04.1+ | 1:3.5.11-1ubuntu0.16.04.1+ |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-43787 is a vulnerability in the libX11 library that allows an attacker to trigger a heap overflow through an integer overflow in the XCreateImage() function.
CVE-2023-43787 has a severity rating of high.
Versions 1.8.7 of libX11 (Ubuntu) and versions up to 1.8.7 (Ubuntu) are affected by CVE-2023-43787.
To fix CVE-2023-43787, upgrade to version 1.8.7 (Ubuntu) or later, or apply the recommended patches for your specific Ubuntu or Debian distribution.
You can find more information about CVE-2023-43787 in the CVE entry at [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787) and the Ubuntu security notices at [https://ubuntu.com/security/notices/USN-6407-1](https://ubuntu.com/security/notices/USN-6407-1) and [https://ubuntu.com/security/notices/USN-6408-1](https://ubuntu.com/security/notices/USN-6408-1).