CVE-2023-43787

Summary

CVE	CVE-2023-43787
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-10-10 13:15:00 UTC
Updated	2024-01-24 21:15:00 UTC
Description	A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All
Application	X.org	Libx11	All	All	All	All

References

Reference	Source	Link	Tags
cve-details	MISC	access.redhat.com
2242254 – (CVE-2023-43787) CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow	MISC	bugzilla.redhat.com
October 2023 libX11 Vulnerabilities in NetApp Products \| NetApp Product Security	MISC	security.netapp.com
oss-security - Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17		www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

199797 Ubuntu Security Notification for libXpm Vulnerabilities (USN-6408-1)
199800 Ubuntu Security Notification for libx11 Vulnerabilities (USN-6407-1)
199821 Ubuntu Security Notification for libx11 Vulnerabilities (USN-6407-2)
199853 Ubuntu Security Notification for libXpm Vulnerabilities (USN-6408-2)
296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
356439 Amazon Linux Security Advisory for libX11 : ALAS2-2023-2296
356444 Amazon Linux Security Advisory for libXpm : ALAS2-2023-2295
356449 Amazon Linux Security Advisory for libX11 : ALAS-2023-1859
356525 Amazon Linux Security Advisory for libXpm : ALAS2023-2023-382
356542 Amazon Linux Security Advisory for libX11 : ALAS2023-2023-383
356545 Amazon Linux Security Advisory for libXpm : ALAS-2023-1875
356979 Amazon Linux Security Advisory for libX11 : AL2012-2023-463
356987 Amazon Linux Security Advisory for libXpm : AL2012-2023-471
503467 Alpine Linux Security Update for libx11
505891 Alpine Linux Security Update for libx11
6000113 Debian Security Update for libxpm (DLA 3603-1)
6000133 Debian Security Update for libx11 (DLA 3602-1)
6000211 Debian Security Update for libx11 (DSA 5517-1)
673510 EulerOS Security Update for libx11 (EulerOS-SA-2023-3249)
673631 EulerOS Security Update for libxpm (EulerOS-SA-2024-1282)
673653 EulerOS Security Update for libx11 (EulerOS-SA-2024-1150)
673658 EulerOS Security Update for libx11 (EulerOS-SA-2024-1281)
673663 EulerOS Security Update for libxpm (EulerOS-SA-2024-1340)
673682 EulerOS Security Update for libx11 (EulerOS-SA-2024-1089)
673699 EulerOS Security Update for libx11 (EulerOS-SA-2023-3310)
673702 EulerOS Security Update for libxpm (EulerOS-SA-2024-1318)
673769 EulerOS Security Update for libxpm (EulerOS-SA-2024-1180)
673940 EulerOS Security Update for libx11 (EulerOS-SA-2023-3277)
673977 EulerOS Security Update for libxpm (EulerOS-SA-2024-1200)
674022 EulerOS Security Update for libx11 (EulerOS-SA-2023-3342)
674040 EulerOS Security Update for libx11 (EulerOS-SA-2024-1065)
691325 Free Berkeley Software Distribution (FreeBSD) Security Update for 11/libx11 Multiple Vulnerabilities (bd92f1ab-690c-11ee-9ed0-001fc69cd6dc)
755028 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2023:3963-1)
755044 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2023:3989-1)
907554 Common Base Linux Mariner (CBL-Mariner) Security Update for libX11 (31322-1)