DescriptionMultiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-199-1, DSA-3224-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libx11 (PTS)buster2:1.6.7-1+deb10u2fixed
buster (security)2:1.6.7-1+deb10u4fixed
bullseye (security), bullseye2:1.7.2-1+deb11u2fixed
bookworm, bookworm (security)2:1.8.4-2+deb12u2fixed
sid, trixie2:1.8.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

The following packages will be recompiled after the release of
the DSA for wheezy and the DLA for squeeze:
libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
libxi (TBD / 1.3-8+build1)
libxfixes (TBD / 4.0.5-1+squeeze1+build1)
libxrandr (TBD / 1.3.0-3+squeeze1+build1)
libsdl1.2 (TBD / 1.2.14-6.1+build1)
libxv (TBD / 1.0.5-1+squeeze1+build1)
libxp (TBD / 1.0.0.xsf1-2+squeeze1+build1)
libxext (TBD / 1.1.2-1+squeeze1+build1)
xserver-xorg-video-vmware (TBD / 11.0.1-2+build1)
cairo (TBD / 1.8.10-6+build1)
open-vm-tools (TBD / 8.4.2-261024-1+build1)
wine-gecko-1.4 (wheezy)
list completed by analyzing and

Search for package or bug name: Reporting problems