FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libX11 -- Heap corruption in the X input method client in libX11

Affected packages
libX11 < 1.6.9_3,1

Details

VuXML ID 6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0
Discovery 2020-07-31
Entry 2020-08-01

The X.org project reports:

The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method.

References

CVE Name CVE-2020-14344
URL https://lists.x.org/archives/xorg-announce/2020-July/003050.html