CVE-2023-5367
HIGH
X.Org Server - Out-of-bounds Write in XIChangeDeviceProperty and RRChangeOutputProperty
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
References (32)
Core References
Patch, Vendor Advisory
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231130-0004/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5534
Third Party Advisory
https://security.gentoo.org/glsa/202401-30
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6802
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6808
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7373
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7388
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7405
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7428
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7436
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7526
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7533
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0010
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0128
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2169
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2170
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2995
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2996
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:12751
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-5367
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (17)
debian/debian_linux
11.0
debian/debian_linux
12.0
fedoraproject/fedora
37
fedoraproject/fedora
38
fedoraproject/fedora
39
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_for_ibm_z_systems
7.0_s390x
... and 7 more
Published
Oct 25, 2023
Tracked Since
Feb 18, 2026