Description: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-199-1, DSA-3224-1
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libx11 (PTS) | jessie | 2:1.6.2-3+deb8u1 | fixed |
| | jessie (security) | 2:1.6.2-3+deb8u2 | fixed |
| | buster, bullseye, sid | 2:1.6.7-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|

The following packages will be recompiled after the release of
the DSA for wheezy and the DLA for squeeze:
libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
libxi (TBD / 1.3-8+build1)
libxfixes (TBD / 4.0.5-1+squeeze1+build1)
libxrandr (TBD / 1.3.0-3+squeeze1+build1)
libsdl1.2 (TBD / 1.2.14-6.1+build1)
libxv (TBD / 1.0.5-1+squeeze1+build1)
libxp (TBD / 1.0.0.xsf1-2+squeeze1+build1)
libxext (TBD / 1.1.2-1+squeeze1+build1)
xserver-xorg-video-vmware (TBD / 11.0.1-2+build1)
cairo (TBD / 1.8.10-6+build1)
open-vm-tools (TBD / 8.4.2-261024-1+build1)
wine-gecko-1.4 (wheezy)
list completed by analyzing and

