Vulnerabilities in X.Org libraries, two of which have been present since 1988

Carding 4 Carders

Information has been published about five vulnerabilities in the libX11 and libXpm libraries developed by the X.Org project. The issues were fixed in libXpm 3.5.17 and libX11 1.8.7. Three vulnerabilities were identified in the libX11 library, which provides a client implementation of the X11 protocol:

• CVE-2023-43785 - buffer overflow in libX11 code, which occurs when processing a response from the X server whose number of characters does not match the previously sent XkbGetMap request. The vulnerability is caused by a bug in X11R6.1 that has existed since 1996. The vulnerability can be exploited when an application using libX11 connects to a malicious X server or to an intermediate proxy controlled by an attacker.

• CVE-2023-43786 - stack exhaustion as a result of infinite recursion in the PutSubImage() function in libX11, which occurs when processing specially crafted data in XPM format. The vulnerability has existed since the release of X11R2 in February 1988.

• CVE-2023-43787 - integer overflow in the XCreateImage() function in libX11, which causes a heap overflow because the calculated size does not correspond to the actual data size. The problematic XCreateImage() function is called from the XpmReadFileToPixmap() function, which makes the vulnerability exploitable when processing a specially crafted file in XPM format. This vulnerability has also existed since X11R2 (1988).

In addition, two vulnerabilities in the libXpm library (CVE-2023-43788 and CVE-2023-43789) were disclosed, both caused by the ability to read from areas outside the allocated memory boundaries. The problems occur when loading a comment from an in-memory buffer and when processing an XPM file with an incorrect color map. Both vulnerabilities date back to 1998 and were found using the AddressSanitizer and libFuzzer tools for detecting memory errors and fuzz testing.

X.Org has a history of security issues. For example, ten years ago, at the 30th Chaos Communication Congress (CCC), security researcher Ilja van Sprundel devoted half of his presentation to problems in the X.Org server and the other half to the security of X11 client libraries. Ilja's report, which in 2013 revealed 30 vulnerabilities affecting various X11 client libraries, as well as Mesa DRI components, included such emotional statements as "GLX is a terrible demotivator! 80,000 lines of sheer horror!" and "I've found 120 errors in it in the last couple of months, and I haven't finished checking it yet."
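The bug class behind CVE-2023-43787 (an image size computed with integer arithmetic that wraps, so the allocation is smaller than the data written into it) can be shown with a short sketch. This is an added illustration, not code from libX11 or from the original post; the function names, the padding rule and the `MAX_IMAGE_BYTES` limit are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for this example: refuse images above INT_MAX bytes. */
#define MAX_IMAGE_BYTES ((uint64_t)INT_MAX)

/* Unchecked 32-bit arithmetic: each product can wrap silently, so the
 * returned size may be far smaller than the pixel data that follows. */
static uint32_t naive_image_bytes(uint32_t width, uint32_t height,
                                  uint32_t bpp, uint32_t pad_bits)
{
    uint32_t row_bits = width * bpp;
    uint32_t bytes_per_line = ((row_bits + pad_bits - 1) / pad_bits) * (pad_bits / 8);
    return bytes_per_line * height;
}

/* Checked version: widen to 64 bits, validate inputs, and reject any size
 * above the limit. Returns 0 and stores the size in *out, or -1 on rejection. */
static int checked_image_bytes(uint32_t width, uint32_t height,
                               uint32_t bpp, uint32_t pad_bits, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32)
        return -1;
    if (pad_bits != 8 && pad_bits != 16 && pad_bits != 32)
        return -1;
    uint64_t row_bits = (uint64_t)width * bpp;            /* < 2^37, cannot wrap */
    uint64_t bytes_per_line = ((row_bits + pad_bits - 1) / pad_bits) * (pad_bits / 8);
    if (bytes_per_line > MAX_IMAGE_BYTES / height)        /* division avoids overflow */
        return -1;
    *out = (size_t)(bytes_per_line * height);
    return 0;
}

int main(void)
{
    /* Constructed dimensions of the kind the checked path must reject. */
    uint32_t w = 0x40000001u, h = 1, bpp = 32, pad = 32;
    size_t size = 0;
    printf("naive size:   %u bytes\n", (unsigned)naive_image_bytes(w, h, bpp, pad));
    printf("checked size: %s\n",
           checked_image_bytes(w, h, bpp, pad, &size) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed width above, the naive calculation reports 4 bytes for a row that actually needs just over 4 GiB, which is the mismatch between computed and actual size that leads to a heap overflow.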
 