Tobias Stoeckmann

**Nome do software vulnerável e versões afetadas** Versões 0.14 e anteriores do json-c **Descrição** A vulnerabilidade está relacionada a um estouro de inteiro e a uma gravação fora dos limites no json-c, que podem ser desencadeados por um arquivo JSON de grande porte. Isso pode ser demonstrado pela função `printbuf memappend`. A exploração dessa vulnerabilidade permite que um invasor remoto acesse dados confidenciais, comprometa a integridade dos dados e cause uma negação de serviço. **Recomendações** Para as versões 0.14 e anteriores do json-c, considere atualizar para uma versão que corrija o problema de estouro de inteiro e gravação fora dos limites. Como solução temporária, considere restringir o tamanho dos arquivos JSON que podem ser processados para evitar a exploração. Além disso, restrinja o acesso a dados confidenciais e implemente medidas para prevenir ataques de negação de serviço até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** libX11 versions prior to 1.6.5 **Description** The issue is related to the XListExtensions function in the ListExt.c file of the libX11 library, which provides the client-side API for the X Window System. It is associated with a buffer overflow due to interpreting a variable as signed instead of unsigned, resulting in an out-of-bounds write. This could allow a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For libX11 versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the XListExtensions function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libX11 versions through 1.6.5 **Description** The issue exists due to insufficient input validation in the XListExtensions function of the libX11 library. A malicious server can send a specially crafted reply, causing a variable to be set to NULL, which will be freed later, leading to a denial of service (segmentation fault). This can allow a remote attacker to cause a denial of service. **Recommendations** For libX11 versions through 1.6.5, consider restricting access to the XListExtensions function until a patch is available. As a temporary workaround, avoid using the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libX11 versions 1.6.5 and earlier **Description** The issue is related to an off-by-one error in the `XListExtensions` function, caused by malicious server responses. This can lead to a denial of service (DoS) or possibly other unspecified impacts. The vulnerability can be exploited by a remote attacker using a specially crafted server response. **Recommendations** For libX11 versions 1.6.5 and earlier, consider disabling the `XListExtensions` function as a temporary workaround until a patch is available. Restrict access to the vulnerable `ListExt.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libXcursor versions prior to 1.1.15 **Description** The issue is related to integer overflows in the libXcursor package, which could lead to heap buffer overflows when processing malicious cursors. This might allow a remote attacker to cause a denial of service. The vulnerability can be exploited through programs that handle cursors, such as GIMP. Additionally, there is a potential attack vector against the related code in cursor/xcursor.c in Wayland through version 1.14.0. **Recommendations** For libXcursor versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of malicious cursors to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** feh versions prior to 2.18.3 **Description** The issue arises from an integer overflow in the wallpaper.c file of feh, which can lead to a buffer overflow and/or a double free when receiving an IPC message from a malicious client pretending to be the E17 window manager. **Recommendations** For versions prior to 2.18.3, update to version 2.18.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** util-linux versions prior to 2.32.1 **Description** A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. **Recommendations** For versions prior to 2.32.1, update to version 2.32.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pacman version 5.0.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in either an infinite loop or an out-of-bounds read, by utilizing a crafted signature file. **Recommendations** For version 5.0.1, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

**Name of the Vulnerable Software and Affected Versions** libXpm versions prior to 3.5.12 **Description** The issue is related to multiple integer overflows that occur when a program requests parsing XPM extensions on a 64-bit platform. This can be triggered by a crafted XPM file, specifically through the number of extensions or their concatenated length, leading to a heap-based buffer overflow. As a result, remote attackers can cause a denial of service (out-of-bounds write) or potentially execute arbitrary code. **Recommendations** For libXpm versions prior to 3.5.12, update to version 3.5.12 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of XPM extensions on 64-bit platforms until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libX11 versions prior to 1.6.4 **Description** The issue involves the XListFonts function in libX11, which might allow remote X servers to gain privileges. This is achieved through vectors involving length fields that trigger out-of-bounds write operations. **Recommendations** For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** X.org libXtst versions prior to 1.2.3 **Description** The issue allows remote X servers to cause a denial of service, resulting in an infinite loop. This can be triggered via a reply in certain categories without a client sequence and with attached data, specifically the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied categories. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to remote X servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libXvMC versions prior to 1.0.10 **Description** A buffer underflow issue exists, allowing remote X servers to potentially have an impact by sending an empty string. **Recommendations** For versions prior to 1.0.10, update to version 1.0.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXrender versions prior to 0.9.10 **Description** The issue allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. This is related to the XRenderQueryFilters function in X.org libXrender. **Recommendations** For versions prior to 0.9.10, update to version 0.9.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXv versions prior to 1.0.11 **Description** The issue concerns the XvQueryAdaptors and XvQueryEncodings functions in libXv, which allow remote X servers to trigger out-of-bounds memory access operations. This can be achieved via vectors involving length specifications in received data. **Recommendations** For versions prior to 1.0.11, update to version 1.0.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libX11 versions prior to 1.6.4 **Description** The issue involves the XGetImage function in libX11, which might allow remote X servers to gain privileges. This is achieved through vectors involving image type and geometry, triggering out-of-bounds read operations. **Recommendations** For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXfixes versions prior to 5.0.3 **Description** The issue is related to an integer overflow that might allow remote X servers to gain privileges. This occurs when a length value of INT MAX is provided, causing the client to stop reading data and get out of sync. **Recommendations** For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** X.org libXi versions prior to 1.7.7 **Description** The issue involves multiple integer overflows that can be exploited by remote X servers, leading to a denial of service. This can result in out-of-bounds memory access or an infinite loop, specifically through vectors involving length fields. **Recommendations** For versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** X.org libXi versions prior to 1.7.7 **Description** The issue allows remote X servers to cause a denial of service, resulting in an infinite loop. This is achieved through vectors involving length fields. **Recommendations** For versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXrandr versions prior to 1.5.1 **Description** The issue is related to multiple integer overflows that can be triggered by remote X servers via crafted responses, leading to out-of-bounds write operations. **Recommendations** For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXrandr versions prior to 1.5.1 **Description** The issue allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. **Recommendations** For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue.