Arbitrary Code Execution Vulnerability in libX11's XCreateImage() Function
CVE-2023-43787

CVSS 3.1 score: 7.8 (HIGH)

Key Information:

Badges: Exploit Exists, News Worthy

What is CVE-2023-43787?

A vulnerability in libX11 has been identified, stemming from an integer overflow issue within the XCreateImage() function. This flaw potentially allows local users to exploit the overflow and execute arbitrary code, which could lead to elevated privileges on the affected systems. Organizations using vulnerable versions of libX11 should take immediate steps to apply available patches and secure their environments against potential exploitation.

Affected Version(s)

Red Hat Enterprise Linux 8 0:1.6.8-8.el8

Red Hat Enterprise Linux 9 0:1.7.0-9.el9

News Articles

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • First article discovered by JFrog

  • Vulnerability published

  • Vulnerability Reserved