Published: 03/11/2006 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org libx11 1.0.2
x.org libx11 1.0.3

Debian Bug report logs - #398460 CVE-2006-5397: libX11 XCOMPOSEFILE File Descriptor Leak Package: libx11-6; Maintainer for libx11-6 is Debian X Strike Force <debian-x@listsdebianorg>; Source for libx11-6 is src:libx11 (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Mon, 13 Nov 2006 21:50:26 ...

NVD-CWE-Other https://bugs.freedesktop.org/show_bug.cgi?id=8699 http://secunia.com/advisories/22642 http://www.securityfocus.com/bid/20845 http://secunia.com/advisories/22749 http://www.mandriva.com/security/advisories?name=MDKSA-2006:199 http://www.vupen.com/english/advisories/2006/4289 https://exchange.xforce.ibmcloud.com/vulnerabilities/29956 http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398460 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5397

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect