CVE-2006-5397
published 2006-11-03
CVE-2006-5397: The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a…
Priority P45 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.36% (27.4th percentile)
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libx11 | < libx11 2:1.0.3-3 (bookworm) | libx11 2:1.0.3-3 (bookworm) |
| x.org | libx11 | — | — |
| x.org | libx11 | — | — |
| x.org | libx11 | >= 0 < 2:1.0.3-3 | 2:1.0.3-3 |
| x.org | libx11 | >= 0 < 2:1.0.3-3 | 2:1.0.3-3 |
| x.org | libx11 | >= 0 < 2:1.0.3-3 | 2:1.0.3-3 |
| x.org | libx11 | >= 0 < 2:1.0.3-3 | 2:1.0.3-3 |
CVSS provenance
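| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |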
Red Hat
CVE-2006-5397 libX11 file descriptor leak
vendor_redhat·2006-10-18·CVSS 2.1
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Statement: Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-5397: libx11 - The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 op...
vendor_debian·2006·CVSS 2.1
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Scope: local
bookworm: resolved (fixed in 2:1.0.3-3)
bullseye: resolved (fixed in 2:1.0.3-3)
forky: resolved (fixed in 2:1.0.3-3)
sid: resolved (fixed in 2:1.0.3-3)
trixie: resolved (fixed in 2:1.0.3-3)
VulDB
X.org X11 1.0.2/1.0.3 Xinput XCOMPOSEFILE information disclosure (Nessus ID 24584 / XFDB-29956)
vuldb·2026-04-26·CVSS 2.1
A vulnerability classified as problematic has been found in X.org X11 1.0.2/1.0.3. Impacted is an unknown function of the component Xinput Module. The manipulation of the argument XCOMPOSEFILE leads to information disclosure.
This vulnerability is referenced as CVE-2006-5397. The attack needs to be initiated within the local network. Furthermore, an exploit is available.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-mfr2-w78g-62fw: The Xinput module (modules/im/ximcp/imLcIm
ghsa_unreviewed·2022-05-01
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
OSV
CVE-2006-5397: The Xinput module (modules/im/ximcp/imLcIm
osv·2006-11-03·CVSS 2.1
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
No detection rules found.
No public exploits indexed.
References
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
http://secunia.com/advisories/22642
http://secunia.com/advisories/22749
http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
http://www.securityfocus.com/bid/20845
http://www.vupen.com/english/advisories/2006/4289
https://bugs.freedesktop.org/show_bug.cgi?id=8699
https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
Published: 2006-11-03