Security fixes for Oct. 3 advisory (!234) · Merge requests · xorg / lib / libX11 · GitLab

Alan Coopersmith requested to merge alanc/libx11:sec-fixes into master Oct 03, 2023

Alan Coopersmith (4):

CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage()
XPutImage: clip images to maximum height & width allowed by protocol
XCreatePixmap: trigger BadValue error for out-of-range dimensions

Yair Mizrahi (1):

CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap overflow