CVE-2020-14363: Integer Overflow or Wraparound in Libx11

Severity
7.8 HIGH (NVD)
OSV: 6.7
EPSS: 0.1% (top 64.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 11
Latest update: May 24

Description

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: x.org/libx11 < 1.6.12
Debian: x.org/libx11 < 2:1.6.12-1+3
Ubuntu: x.org/libx11 < 2:1.6.3-1ubuntu2.2+2
CVEListV5: the_x11_project/libx11 1.6.12

Also affects: Fedora 33

🔴 Vulnerability Details (5)

GHSA: GHSA-qmwg-hw9q-xg39: An integer overflow vulnerability leading to a double-free was found in libX11 (2022-05-24)
CVEList: CVE-2020-14363: An integer overflow vulnerability leading to a double-free was found in libX11 (2020-09-11)
OSV: CVE-2020-14363: An integer overflow vulnerability leading to a double-free was found in libX11 (2020-09-11)
OSV: libx11 vulnerabilities (2020-09-08)
OSV: libx11 vulnerabilities (2020-09-02)

📋 Vendor Advisories (4)

Ubuntu: libx11 vulnerabilities (2020-09-08)
Ubuntu: libx11 vulnerabilities (2020-09-02)
Red Hat: libX11: integer overflow leads to double free in locale handling (2020-08-25)
Debian: CVE-2020-14363: libx11 - An integer overflow vulnerability leading to a double-free was found in libX11. ... (2020)

💬 Community (2)

Bugzilla: CVE-2020-14363 libX11: integer overflow leads to double free in locale handling [fedora-all] (2020-08-25)
Bugzilla: CVE-2020-14363 libX11: integer overflow leads to double free in locale handling (2020-08-25)