CVE-2020-14363
libx11 - security update
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.15%
Description
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
How to fix CVE-2020-14363
To remediate CVE-2020-14363, upgrade the affected package to a fixed version below.
- Upgrade to 1.6.12-r0 or later
- Upgrade to 2:1.6.12-1 or later
- Upgrade to 2:1.6.4-3+deb9u3 or later
Is CVE-2020-14363 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.6.12-r0
- from 0, < 2:1.6.12-1
- from 0, < 2:1.6.4-3+deb9u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.8) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |