Published: 05/08/2020 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org libx11
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 12.04
opensuse leap 15.1
opensuse leap 15.2

A flaw was found in libX11 An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability (CVE-2020-14344) ...

The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method ...

oss-sec mailing list archives   By Date By Thread </form>    Fwd: XOrg security advisory: July 31, 2020: libX11   From: Matthieu Herr ...

libx11_1.6.4 with proposed Fix poll_for_response race condition

libx11_164 bug fix This is the Ubuntu 1804 libx11_164 with the proposed Fix for the poll_for_response race condition bug The bug affects the following applications and desktops i have used so far Desktops lubuntu desktop LXDE desktop Applications Geany Leafpad pcmanfm Google Chrome Leafpad Crash screenshot Bug Steps to reproduce Boot Up your PC with Ubuntu and ent

CWE-190 https://lists.x.org/archives/xorg-announce/2020-July/003050.html https://www.openwall.com/lists/oss-security/2020/07/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html https://security.gentoo.org/glsa/202008-18 https://usn.ubuntu.com/4487-1/https://usn.ubuntu.com/4487-2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/https://nvd.nist.gov https://github.com/avafinger/libx11_1.6.4 https://alas.aws.amazon.com/AL2/ALAS-2021-1661.html

CVE-2020-14344

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect