Arbitrary Code Execution Vulnerability in libX11's XCreateImage() Function

CVE-2023-43787

7.8HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 10 October 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:1.6.8-8.el8

Red Hat Enterprise Linux 9 <= 0:1.7.0-9.el9

News Articles

CVE-2023-43786CVE-2023-43787

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

8 months ago

thmubnail image

CVE-2023-43787CVE-2023-43786

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

8 months ago

thmubnail image

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 17, 2024
First article discovered by JFrog
Jan 24, 2024
Vulnerability published.
Oct 10, 2023
Reported to Red Hat.
Oct 5, 2023
Vulnerability Reserved.
Sep 22, 2023

Collectors

NVD DatabaseMitre Database2 News Article(s)

.