Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 75.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 10
Latest update: Sep 9

Description

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: x.org/libx11 < 1.8.7
Debian: x.org/libx11 < 2:1.7.2-1+deb11u2 +3
Ubuntu: x.org/libxpm < 1:3.5.12-1ubuntu0.20.04.2 +4

Also affects: Fedora 38, Enterprise Linux 8.0, 9.0

🔴 Vulnerability Details (8)

GHSA: Liferay Portal exposes ERC which can lead to exploit the time response attack (2025-09-09)
OSV: libxpm vulnerabilities (2023-10-23)
CVEList: Libx11: stack exhaustion from infinite recursion in putsubimage() (2023-10-10)
OSV: CVE-2023-43786: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function (2023-10-10)
GHSA: GHSA-35w7-h3v9-8qw4: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function (2023-10-10)

📋 Vendor Advisories (9)

Ubuntu: libXpm vulnerabilities (2023-10-23)
Ubuntu: libx11 vulnerabilities (2023-10-10)
Microsoft: Libx11: stack exhaustion from infinite recursion in putsubimage() (2023-10-10)
Red Hat: libX11: stack exhaustion from infinite recursion in PutSubImage() (2023-10-04)
Ubuntu: libXpm vulnerabilities (2023-10-03)
CVE-2023-43786 — Uncontrolled Resource Consumption | cvebase