Security fixes for Oct. 3 advisory

Alan Coopersmith requested to merge alanc/libx11:sec-fixes into master

Alan Coopersmith (4):

  • CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
  • CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage()
  • XPutImage: clip images to maximum height & width allowed by protocol
  • XCreatePixmap: trigger BadValue error for out-of-range dimensions

Yair Mizrahi (1):

  • CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap overflow
