PT-2020-3583 · X.Org Foundation+8 · Libx11+8

Todd Carson

Published 2020-07-31 · Updated 2026-05-07 · CVE-2020-14344

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libX11 versions prior to 1.6.10

Description

The issue is caused by an integer overflow in the libX11 library, which can lead to a heap-buffer overflow. This can potentially impact the confidentiality, integrity, and availability of protected information. The vulnerability is security-relevant when setuid programs call XIM client functions while running with elevated privileges.

Recommendations

For versions prior to 1.6.10, update to version 1.6.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of setuid programs that call XIM client functions to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2021:1804
ALT-PU-2020-2588
ALT-PU-2021-1868
ALT-PU-2021-2344
BDU:2020-03916
CESA-2021_1804
CVE-2020-14344
DLA-2312-1
JLSEC-2026-469
MGASA-2020-0334
OPENSUSE-SU-2020:1162-1
OPENSUSE-SU-2020:1164-1
OPENSUSE-SU-2020:1182-1
OPENSUSE-SU-2020:1198-1
OPENSUSE-SU-2020_1162-1
OPENSUSE-SU-2020_1164-1
OPENSUSE-SU-2020_1182-1
OPENSUSE-SU-2020_1198-1
OPENSUSE-SU-2024:10918-1
RHSA-2021:1804
RHSA-2021_1804
RLSA-2021:1804
SUSE-SU-2020:14445-1
SUSE-SU-2020:14447-1
SUSE-SU-2020:2116-1
SUSE-SU-2020:2117-1
SUSE-SU-2020:2196-1
SUSE-SU-2020:2197-1
SUSE-SU-2020_14445-1
SUSE-SU-2020_14447-1
SUSE-SU-2020_2116-1
SUSE-SU-2020_2117-1
SUSE-SU-2020_2196-1
SUSE-SU-2020_2197-1
USN-4487-1
USN-4487-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
libX11