ALAS-2014-452 ---- libX11 libXcursor libXfixes libXi libXrandr libXrender libXres libXt libXv libXvMC libXxf86dga libXxf86vm libdmx xorg-x11-proto-devel
ID: oval:org.secpod.oval:def:1600008 | Date: (C)2016-01-19 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system.

Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

A buffer overflow flaw was found in the way the XListInputDevices function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file.
Platform: |
Amazon Linux AMI |
Product: |
libX11 |
libXcursor |
libXfixes |
libXi |
libXrandr |
libXrender |
libXres |
libXt |
libXv |
libXvMC |
libXxf86dga |
libXxf86vm |
libdmx |
xorg-x11-proto-devel |