X.Org libX11 security advisory: August 25, 2020

Matthieu Herrb matthieu at herrb.eu
Tue Aug 25 15:18:33 UTC 2020


Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free.

Patches
-------

A Patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11


commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

    Fix an integer overflow in init_om()
    
    CVE-2020-14363
    
    This can lead to a double free later, as reported by Jayden Rivers.
    

Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding them and providing fixes.

-- 
Matthieu Herrb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20200825/028e367f/attachment.sig>


More information about the xorg-devel mailing list