Out-of-bounds Write Affecting libx11 package, versions <1.6.6-r0


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment

    Threat Intelligence

    EPSS
    6.6% (94th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ALPINE315-LIBX11-1927058
  • published 25 Sep 2018
  • disclosed 24 Aug 2018

How to fix?

Upgrade Alpine:3.15 libx11 to version 1.6.6-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libx11 package and not the libx11 package as distributed by Alpine. See How to fix? for Alpine:3.15 relevant fixed versions and status.

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

CVSS Scores

version 3.1
Expand this section

NVD

9.8 critical
Expand this section

SUSE

8.8 high
Expand this section

Red Hat

8.1 high