An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | 22.0 ap359470 |