CVE-2020-14363

Published: 9/11/2020 Last updated: 8/4/2024 Reserved: 6/17/2020

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to crash an application compiled with libX11 or, in some cases, to achieve arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity, and system availability.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-libX11 raylib

Products affected (1)

Product Vendor Version
libX11 The X11 Project < 1.4.10.6

References (12)