Arbitrary Code Execution Vulnerability in libX11's XCreateImage() Function
CVE-2023-43787
7.8 HIGH
Key Information
- Vendor: Red Hat
- Status
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- CVE Published: 10 October 2023
Badges
- 👾 Exploit Exists
- 📰 News Worthy
Summary
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Affected Version(s)
Red Hat Enterprise Linux 8 <= 0:1.6.8-8.el8
Red Hat Enterprise Linux 9 <= 0:1.7.0-9.el9
News Articles
JFrog: CVE-2023-43786, CVE-2023-43787
CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know
Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.
8 months ago
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
- 👾 Exploit exists.
- First article discovered by JFrog
- Vulnerability published.
- Reported to Red Hat.
- Vulnerability Reserved.
Collectors
- NVD Database
- Mitre Database
- 2 News Article(s)