Vulnerability CVE-2023-43787: Information

Description

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-43787
Published: Oct. 10, 2023
Modified: April 30, 2024
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libX11sisyphus1.8.7-alt11.8.8-alt1ALT-PU-2023-6107-1330921Fixed
libX11sisyphus_e2k1.8.7-alt11.8.8-alt1ALT-PU-2023-6142-1-Fixed
libX11sisyphus_riscv641.8.7-alt11.8.8-alt1ALT-PU-2023-6131-1-Fixed
libX11p101.8.7-alt11.8.7-alt1ALT-PU-2023-6109-2330924Fixed
libX11p10_e2k1.8.7-alt11.8.7-alt1ALT-PU-2023-6987-1-Fixed
libX11c10f11.8.7-alt11.8.7-alt1ALT-PU-2023-6468-2332139Fixed
libX11c9f21.8.7-alt11.8.7-alt1ALT-PU-2023-6146-3330988Fixed
libXpmsisyphus3.5.17-alt13.5.17-alt1ALT-PU-2023-6106-2330921Fixed
libXpmsisyphus_e2k3.5.17-alt13.5.17-alt1ALT-PU-2023-6141-1-Fixed
libXpmsisyphus_riscv643.5.17-alt13.5.17-alt1ALT-PU-2023-6130-1-Fixed
libXpmp103.5.17-alt13.5.17-alt1ALT-PU-2023-6108-3330924Fixed
libXpmp10_e2k3.5.17-alt13.5.17-alt1ALT-PU-2023-6986-1-Fixed
libXpmc10f13.5.17-alt13.5.17-alt1ALT-PU-2023-6469-3332139Fixed
libXpmc9f23.5.17-alt13.5.17-alt1ALT-PU-2023-6144-4330988Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2023-43787
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242254
  • Issue Tracking
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20231103-0006/
    http://www.openwall.com/lists/oss-security/2024/01/24/9
      https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
        RHSA-2024:2145

            1. Configuration 1

              cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*
              End excliding
              1.8.7

              Configuration 2

              cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

              Configuration 3

              cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.1
          Back to top