CVE-2006-5397 — File Descriptor Leak in Libx11

7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libx11

Timeline

PublishedNov 3

Latest updateMay 1

Description

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianx.org/libx11< 2:1.0.3-3+3

▶NVDx.org/libx111.0.2, 1.0.3+1

Patches

Patch: bugs.freedesktop.org ↗Patch: bugs.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-mfr2-w78g-62fw: The Xinput module (modules/im/ximcp/imLcIm↗2022-05-01

▶

CVEList

CVE-2006-5397: The Xinput module (modules/im/ximcp/imLcIm↗2006-11-03

▶

OSV

CVE-2006-5397: The Xinput module (modules/im/ximcp/imLcIm↗2006-11-03

▶

📋Vendor Advisories

Red Hat

CVE-2006-5397 libX11 file descriptor leak↗2006-10-18

▶

Debian

CVE-2006-5397: libx11 - The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 op...↗2006

▶

💬Community

Bugzilla

CVE-2006-5397 libX11 file descriptor leak↗2006-10-31

▶