X.org has released information on five vulnerabilities in the Libx11 and Libxpm libraries, both developed by the X.Org. The issues have been resolved in Libxpm 3.5.17 and Libx11 1.8.7. Three vulnerabilities have been identified in the Libx11 library, which pertain to the functions with the client implementation of the X11 protocol.
- CVE-2023-43785 – This vulnerability allows for an out-of-bounds exit in the Libx11 code. It is triggered when processing a response from the X-server with the number of symbols that do not match the previously sent query XKBGETMAP. The vulnerability has existed since 1996 in X11R6.1. It can be exploited when an application using LIBX11 connects to a malicious X-server or an intermediate proxy controlled by the attacker.
- CVE-2023-43786 – A stack exhaustion vulnerability occurs due to endless recursion in the Putsubimage() function() in LIBX11. This issue arises during the processing of specially designed data in XPM format. The vulnerability has been present since the release of X11R2 in February 1988.
- CVE-2023-43787 – An integer overflow in the xcreateimage() function in LIBX11 leads to heap overflow. The error in calculating the size results in overflow of the heap, which does not match the actual size of the data. This problem originates from the XpmreadfiletopixMap() function and can be exploited when processing a specially designed file in XPM format. The vulnerability has also existed since the release of X11R2 in 1988.
In addition, two vulnerabilities have been disclosed in the libxpm library – CVE-2023-43788 and CVE-2023-43789. These vulnerabilities are caused by the ability to read from areas outside the dedicated memory. The issues
/Reports, release notes, official announcements.