CVE-2023-43787 Libx11: integer overflow in xcreateimage() leading to a heap overflow

🗓️ 10 Oct 2023 12:26:08Reported by redhatType

Integer overflow in Libx11 leading to heap overflo

Reporter	Title	Published	Views	Family All 194
GithubExploit	Exploit for Uncontrolled Resource Consumption in X.Org Libx11	16 Jan 202420:04	–	githubexploit
IBM Security Bulletins	Security Bulletin: App Connect Enterprise Certified Container UBI updates	2 Feb 202414:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities	15 Apr 202502:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management	25 Jun 202520:04	–	ibm
Tenable Nessus	Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2023-382)	24 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libX11, libX11-common, libX11-devel (ALAS2023-2023-383)	24 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libXpm (ALAS-2023-2295)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libX11 (ALAS-2023-2296)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libX11 (ALAS-2023-1859)	25 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libXpm (ALAS-2023-1875)	3 Nov 202300:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.8.7",
        "versionType": "semver"
      }
    ],
    "packageName": "libX11",
    "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.6.8-8.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.7.0-9.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libX11",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2973
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2023-43787
access	www.access.redhat.com/errata/RHSA-2024:2145

06 Nov 2025 22:59Current

8.2High risk

Vulners AI Score8.2

CVSS 3.17.8

EPSS0.00427

CWE-122