PT-2018-3157 · X.Org Foundation+5 · Libx11+5

Tobias Stoeckmann

Published

2018-08-24

Updated

2024-06-15

CVE-2018-14600

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libX11 versions prior to 1.6.5

Description The issue is related to the XListExtensions function in the ListExt.c file of the libX11 library, which provides the client-side API for the X Window System. It is associated with a buffer overflow due to interpreting a variable as signed instead of unsigned, resulting in an out-of-bounds write. This could allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations For libX11 versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the XListExtensions function until a patch is available.

Fix

RCE

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2018-2452

BDU:2019-04258

CESA-2019_2079

CVE-2018-14600

DLA-1482-1

MGASA-2018-0377

OPENSUSE-SU-2018_2567-1

OPENSUSE-SU-2018_3012-1

OPENSUSE-SU-2024:10918-1

RHSA-2019:2079

RHSA-2019_2079

SUSE-SU-2018:2934-1

SUSE-SU-2018:2955-1

SUSE-SU-2018:3102-1

USN-3758-1

USN-3758-2

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libx11

PT-2018-3157 · X.Org Foundation+5 · Libx11+5

CVE-2018-14600

Weakness Enumeration

Related Identifiers

Affected Products

References · 127