CVE-2020-14344 MEDIUM

CVE-2020-14344

Vendor The X11 Project
Product libX11
Weakness CWE-190
Published August 5, 2020
Last update August 4, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Key dates

02Disclosure timeline

August 5, 2020 CVE published
August 4, 2024 Record updated