{"api_version":"1","generated_at":"2026-04-22T22:58:01+00:00","cve":"CVE-2020-14363","urls":{"html":"https://cve.report/CVE-2020-14363","api":"https://cve.report/api/cve/CVE-2020-14363.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14363","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14363"},"summary":{"title":"CVE-2020-14363","description":"An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-09-11 18:15:00","updated_at":"2023-11-07 03:17:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","name":"FEDORA-2020-cf0afbd27e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: libX11-1.6.12-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh","name":"https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh","refsource":"MISC","tags":[],"title":"Exploits/x11doublefree.sh at master · Ruia-ruia/Exploits · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt","name":"https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt","refsource":"MISC","tags":[],"title":"Exploits/DFX11details.txt at master · Ruia-ruia/Exploits · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","name":"FEDORA-2020-cf0afbd27e","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: libX11-1.6.12-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1872473 – (CVE-2020-14363) CVE-2020-14363 libX11: integer overflow leads to double free in locale handling","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.x.org/archives/xorg-announce/2020-August/003056.html","name":"https://lists.x.org/archives/xorg-announce/2020-August/003056.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"X.Org libX11 security advisory: August 25, 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4487-2/","name":"USN-4487-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-4487-2: libx11 vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14363","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14363","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14363","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14363","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"libx11","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14363","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"libx11","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14363","qid":"159217","title":"Oracle Enterprise Linux Security Update for userspace graphics, xorg-x11, and mesa (ELSA-2021-1804)"},{"cve":"CVE-2020-14363","qid":"239300","title":"Red Hat Update for userspace graphics, xorg-x11, and mesa (RHSA-2021:1804)"},{"cve":"CVE-2020-14363","qid":"352377","title":"Amazon Linux Security Advisory for libX11: AL2012-2020-330"},{"cve":"CVE-2020-14363","qid":"377028","title":"Alibaba Cloud Linux Security Update for libx11 (ALINUX2-SA-2020:0177)"},{"cve":"CVE-2020-14363","qid":"377380","title":"Alibaba Cloud Linux Security Update for userspace graphics, xorg-x11, and mesa (ALINUX3-SA-2022:0087)"},{"cve":"CVE-2020-14363","qid":"377568","title":"Alibaba Cloud Linux Security Update for userspace graphics, xorg-x11, and mesa (ALINUX3-SA-2022:0114)"},{"cve":"CVE-2020-14363","qid":"378324","title":"Virtuozzo Linux Security Update for libX11 (VZLSA-2020:4946)"},{"cve":"CVE-2020-14363","qid":"500334","title":"Alpine Linux Security Update for libx11"},{"cve":"CVE-2020-14363","qid":"504098","title":"Alpine Linux Security Update for libx11"},{"cve":"CVE-2020-14363","qid":"690433","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for libx11 (8da79498-e6f6-11ea-8cbf-54e1ad3d6335)"},{"cve":"CVE-2020-14363","qid":"940098","title":"AlmaLinux Security Update for userspace (ALSA-2021:1804)"},{"cve":"CVE-2020-14363","qid":"960449","title":"Rocky Linux Security Update for userspace (RLSA-2021:1804)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14363","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"The X11 Project","product":{"product_data":[{"product_name":"libX11","version":{"version_data":[{"version_value":"1.6.12"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190"}]},{"description":[{"lang":"eng","value":"CWE-416"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt","url":"https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt"},{"refsource":"MISC","name":"https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh","url":"https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh"},{"url":"https://lists.x.org/archives/xorg-announce/2020-August/003056.html","refsource":"MISC","name":"https://lists.x.org/archives/xorg-announce/2020-August/003056.html"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363","refsource":"CONFIRM"},{"refsource":"UBUNTU","name":"USN-4487-2","url":"https://usn.ubuntu.com/4487-2/"},{"refsource":"FEDORA","name":"FEDORA-2020-cf0afbd27e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"}]},"description":{"description_data":[{"lang":"eng","value":"An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."}]},"impact":{"cvss":[[{"vectorString":"7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-09-11 18:15:00","lastModifiedDate":"2023-11-07 03:17:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14363","Ordinal":"175593","Title":"CVE-2020-14363","CVE":"CVE-2020-14363","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14363","Ordinal":"1","NoteData":"An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14363","Ordinal":"2","NoteData":"2020-09-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14363","Ordinal":"3","NoteData":"2020-09-29","Type":"Other","Title":"Modified"}]}}}