rpm package
suse/xorg-x11-libX11&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (6)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14600 | — | | | < 7.4-5.11.72.9.1 | 7.4-5.11.72.9.1 | Aug 24, 2018 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. |
| CVE-2018-14599 | — | | | < 7.4-5.11.72.9.1 | 7.4-5.11.72.9.1 | Aug 24, 2018 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. |
| CVE-2018-14598 | — | | | < 7.4-5.11.72.9.1 | 7.4-5.11.72.9.1 | Aug 24, 2018 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
| CVE-2016-7942 | Critical | 9.8 | | < 7.4-5.11.65.1 | 7.4-5.11.65.1 | Dec 13, 2016 | The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. |
| CVE-2013-7439 | — | | | < 7.4-5.11.15.1 | 7.4-5.11.15.1 | Apr 16, 2015 | Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. |
| CVE-2013-1997 | — | | | < 7.4-5.11.68.1 | 7.4-5.11.68.1 | Jun 15, 2013 | Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShap |