Message-ID: <e32d5910-0234-46cd-b7f0-6bb08b3020a6@oracle.com>
Date: Wed, 24 Jan 2024 10:29:29 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17

On 10/3/23 09:31, Alan Coopersmith wrote:
> 2) CVE-2023-43786 libX11: stack exhaustion from infinite recursion
>    in PutSubImage()
>
>    Introduced in: X11R2 [released Feb. 1988]
>    Fixed in: libX11 1.8.7
>    Found by: Yair Mizrahi of the JFrog Vulnerability Research team

> 3) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
>    a heap overflow
>
>    Introduced in: X11R2 [released Feb. 1988]
>    Fixed in: libX11 1.8.7
>    Found by: Yair Mizrahi of the JFrog Vulnerability Research team
>    Fixed by: Yair Mizrahi of the JFrog Vulnerability Research team

Yair Mizrahi has now posted more about these two issues at:

https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

-- 
-Alan Coopersmith- alan.coopersmith@...cle.com
X.Org Security Response Team - xorg-security@...ts.x.org