CVE-2018-14600

Name
CVE-2018-14600
Description
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
NVD Severity
high

References

| Type | URI |
| --- | --- |
| Third Party Advisory | https://lists.x.org/archives/xorg-announce/2018-August/002916.html |
| Patch | https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea |
| Issue Tracking | https://bugzilla.suse.com/show_bug.cgi?id=1102068 |
| Mailing List | http://www.openwall.com/lists/oss-security/2018/08/21/6 |
| Third Party Advisory | http://www.securitytracker.com/id/1041543 |
| Mailing List | https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html |
| Third Party Advisory | https://usn.ubuntu.com/3758-2/ |
| Third Party Advisory | http://www.securityfocus.com/bid/105177 |
| Third Party Advisory | https://usn.ubuntu.com/3758-1/ |
| Third Party Advisory | https://security.gentoo.org/glsa/201811-01 |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:2079 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:* | libx11 | >= None | <= 1.6.5 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status