{"id":"MGASA-2023-0287","summary":"Updated libX11 packages fix security vulnerabilities","details":"A vulnerability was found in libX11 due to a boundary condition within\nthe _XkbReadKeySyms() function. This flaw allows a local user to trigger\nan out-of-bounds read error and read the contents of memory on the\nsystem. (CVE-2023-43785)\n\nA vulnerability was found in libX11 due to an infinite loop within the\nPutSubImage() function. This flaw allows a local user to consume all\navailable system resources and cause a denial of service condition.\n(CVE-2023-43786)\n\nA vulnerability was found in libX11 due to an integer overflow within\nthe XCreateImage() function. This flaw allows a local user to trigger an\ninteger overflow and execute arbitrary code with elevated privileges.\n(CVE-2023-43787)\n","modified":"2026-02-01T09:55:52.884165Z","published":"2023-10-13T22:56:51Z","related":["CVE-2023-43785","CVE-2023-43786","CVE-2023-43787"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0287.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32358"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/10/03/1"}],"affected":[{"package":{"name":"libx11","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libx11?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0-1.5.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0287.json"}},{"package":{"name":"libx11","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libx11?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.6-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0287.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}