CVE-2023-43787

🗓️ 10 Oct 2023 12:26:08Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 509 Views

A vulnerability in libX11 due to integer overflow in XCreateImage(

Reporter	Title	Published	Views	Family All 193
GithubExploit	Exploit for Uncontrolled Resource Consumption in X.Org Libx11	16 Jan 202420:04	–	githubexploit
IBM Security Bulletins	Security Bulletin: App Connect Enterprise Certified Container UBI updates	2 Feb 202414:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities	15 Apr 202502:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management	25 Jun 202520:04	–	ibm
Tenable Nessus	Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2023-382)	24 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libX11, libX11-common, libX11-devel (ALAS2023-2023-383)	24 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libXpm (ALAS-2023-2295)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libX11 (ALAS-2023-2296)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libX11 (ALAS-2023-1859)	25 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libXpm (ALAS-2023-1875)	3 Nov 202300:00	–	nessus

NVD

Node

x.org libx11Range<1.8.7

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

Node

fedoraproject fedoraMatch38

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.8.7",
        "versionType": "semver"
      }
    ],
    "packageName": "libX11",
    "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.6.8-8.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.7.0-9.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2973
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2023-43787
access	www.access.redhat.com/errata/RHSA-2024:2145
jfrog	www.jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
lists	www.lists.debian.org/debian-lts-announce/2023/10/msg00005.html
openwall	www.openwall.com/lists/oss-security/2024/01/24/9
security	www.security.netapp.com/advisory/ntap-20231103-0006/

06 Nov 2025 22:59Current

8.2High risk

Vulners AI Score8.2

CVSS 3.17.8

EPSS0.00042

SSVC