Description
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh
Vendor Advisory x_refsource_misc
https://lists.x.org/archives/xorg-announce/2020-August/003056.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4487-2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
Scores
CVSS v3
7.8
EPSS
0.0057
EPSS Percentile
42.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
CWE-416
Status
published
Products (2)
fedoraproject/fedora
33
x.org/libx11
< 1.6.12
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026