CVE-2020-14363

Name: CVE-2020-14363
Description: An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash or, in some cases, to execute arbitrary code. The highest threat from this flaw is to confidentiality, integrity, and system availability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues)
References: DLA-2361-1
NVD severity: medium
Debian Bugs: 969008

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release             Version             Status
libx11 (PTS)     stretch             2:1.6.4-3+deb9u1    vulnerable
                 stretch (security)  2:1.6.4-3+deb9u3    fixed
                 buster              2:1.6.7-1+deb10u1   fixed
                 bullseye, sid       2:1.6.12-1          vulnerable

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version       Urgency  Origin      Debian Bugs
libx11   source  stretch     2:1.6.4-3+deb9u3             DLA-2361-1
libx11   source  buster      2:1.6.7-1+deb10u1
libx11   source  (unstable)  (unfixed)                                969008
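To turn the two tables above into a host-side check, here is an added Python example written for this page (it is not Debian tracker or dpkg code). It reimplements dpkg's version ordering (epoch, upstream version, Debian revision, with `~` sorting before everything) and compares an installed libx11 version against the fixed versions listed above for each release. It assumes the runtime binary package libx11-6 carries the same version string as the libx11 source package, that the release codename is known, and it uses a constructed dpkg-query output line as sample input; bullseye and sid are treated as vulnerable because the page lists them as unfixed.

```python
"""Check a libx11 package version against the fixed versions for
CVE-2020-14363 listed on this page, using dpkg's version ordering."""

# Fixed source versions per release, copied from the table above.
# None means the page lists the release as (unfixed).
FIXED_VERSIONS = {
    "stretch": "2:1.6.4-3+deb9u3",
    "buster": "2:1.6.7-1+deb10u1",
    "bullseye": None,
    "sid": None,
}


def _order(c):
    """Weight of one character as in dpkg's order(): digits weigh 0 (they
    are compared numerically elsewhere), '~' sorts before everything
    including the end of the string, letters before other symbols."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream-version or revision strings the way dpkg does:
    alternating non-digit runs (by character weight) and digit runs
    (numerically, ignoring leading zeros)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run; the end of a string weighs 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: skip leading zeros, longer run wins, else first difference.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split a Debian version into (epoch, upstream, debian_revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2
    (the ordering `dpkg --compare-versions` uses)."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    for x, y in ((u1, u2), (r1, r2)):
        c = _verrevcmp(x, y)
        if c:
            return -1 if c < 0 else 1
    return 0


def status_for(release, installed):
    """'fixed' if installed is at or above the fixed version for the
    release, otherwise 'vulnerable' (including releases with no fix)."""
    fixed = FIXED_VERSIONS.get(release)
    if fixed is None:
        return "vulnerable"
    return "fixed" if compare_versions(installed, fixed) >= 0 else "vulnerable"


def check_dpkg_output(release, dpkg_output):
    """Parse lines as printed by dpkg-query -W -f='${Package} ${Version}\\n'
    and return {package: status}."""
    result = {}
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) == 2:
            result[parts[0]] = status_for(release, parts[1])
    return result


# Constructed sample (not real host data): a stretch host still on the
# version the page marks vulnerable.
SAMPLE_DPKG_OUTPUT = "libx11-6 2:1.6.4-3+deb9u1\n"

if __name__ == "__main__":
    print(check_dpkg_output("stretch", SAMPLE_DPKG_OUTPUT))
```

On a real host, feed the output of `dpkg-query -W -f='${Package} ${Version}\n' libx11-6` to `check_dpkg_output` with the host's release codename. The version ordering is reimplemented so the check can run offline, for example over an inventory collected from many hosts; where dpkg is available, `dpkg --compare-versions` gives the same answer. The "vulnerable" verdict for bullseye and sid reflects the page's state at the time (no fixed version listed), not later uploads.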

Notes

Upstream announcement (xorg-announce, August 2020): https://lists.x.org/archives/xorg-announce/2020-August/003056.html
Upstream fix commit (libX11): https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
