Arbitrary Code Execution Vulnerability in libX11's XCreateImage() Function
CVE-2023-43787

7.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
10 October 2023

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2023-43787?

A vulnerability in libX11 has been identified, stemming from an integer overflow issue within the XCreateImage() function. This flaw potentially allows local users to exploit the overflow and execute arbitrary code, which could lead to elevated privileges on the affected systems. Organizations using vulnerable versions of libX11 should take immediate steps to apply available patches and secure their environments against potential exploitation.

Affected Version(s)

Red Hat Enterprise Linux 8 0:1.6.8-8.el8

Red Hat Enterprise Linux 9 0:1.7.0-9.el9

News Articles

favicon imageJFrog

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

favicon imageJFrog

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

References

https://access.redhat.com/errata/RHSA-2024:2145
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2973
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-43787
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by JFrog

  • Vulnerability published

  • Vulnerability Reserved

.