CVE-2018-14599

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
x.orglibx11
𝑥
≤ 1.6.5
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
debiandebian_linux
8.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libx11
bookworm
2:1.8.4-2+deb12u2
fixed
bookworm (security)
2:1.8.4-2+deb12u2
fixed
bullseye
2:1.7.2-1+deb11u2
fixed
bullseye (security)
2:1.7.2-1+deb11u2
fixed
sid
2:1.8.10-2
fixed
trixie
2:1.8.7-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libx11
bionic
Fixed 2:1.6.4-3ubuntu0.1
released
trusty
Fixed 2:1.6.2-1ubuntu2.1
released
xenial
Fixed 2:1.6.3-1ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libX11-6
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 12 SP3
1.6.2-12.5.1
fixed
suse enterprise sap 12 SP5
1.6.2-12.5.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 12 SP3
1.6.2-12.5.1
fixed
suse enterprise server 12 SP4
1.6.2-12.5.1
fixed
suse enterprise server 12 SP5
1.6.2-12.5.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libX11-6-32bit
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 12 SP3
1.6.2-12.5.1
fixed
suse enterprise sap 12 SP5
1.6.2-12.5.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 12 SP3
1.6.2-12.5.1
fixed
suse enterprise server 12 SP4
1.6.2-12.5.1
fixed
suse enterprise server 12 SP5
1.6.2-12.5.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libX11-data
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 12 SP3
1.6.2-12.5.1
fixed
suse enterprise sap 12 SP5
1.6.2-12.5.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 12 SP3
1.6.2-12.5.1
fixed
suse enterprise server 12 SP4
1.6.2-12.5.1
fixed
suse enterprise server 12 SP5
1.6.2-12.5.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libX11-devel
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libX11-xcb1
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 12 SP3
1.6.2-12.5.1
fixed
suse enterprise sap 12 SP5
1.6.2-12.5.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 12 SP3
1.6.2-12.5.1
fixed
suse enterprise server 12 SP4
1.6.2-12.5.1
fixed
suse enterprise server 12 SP5
1.6.2-12.5.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libX11-xcb1-32bit
suse enterprise desktop 15
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP1
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP2
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP3
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP4
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP5
1.6.5-3.3.1
fixed
suse enterprise desktop 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise sap 12 SP3
1.6.2-12.5.1
fixed
suse enterprise sap 12 SP5
1.6.2-12.5.1
fixed
suse enterprise sap 15
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP1
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP2
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP3
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP4
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP5
1.6.5-3.3.1
fixed
suse enterprise sap 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise sap 15 SP7
1.8.10-150700.2.1
fixed
suse enterprise server 12 SP3
1.6.2-12.5.1
fixed
suse enterprise server 12 SP4
1.6.2-12.5.1
fixed
suse enterprise server 12 SP5
1.6.2-12.5.1
fixed
suse enterprise server 15
1.6.5-3.3.1
fixed
suse enterprise server 15 SP1
1.6.5-3.3.1
fixed
suse enterprise server 15 SP2
1.6.5-3.3.1
fixed
suse enterprise server 15 SP3
1.6.5-3.3.1
fixed
suse enterprise server 15 SP4
1.6.5-3.3.1
fixed
suse enterprise server 15 SP5
1.6.5-3.3.1
fixed
suse enterprise server 15 SP6
1.8.7-150600.1.2
fixed
suse enterprise server 15 SP7
1.8.10-150700.2.1
fixed
libxcb-dri2-0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-dri2-0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-dri3-0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-dri3-0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-glx0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-glx0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-present0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-present0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-randr0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-render0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-render0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-shape0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-shm0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-shm0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-sync1
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-sync1-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xf86dri0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xfixes0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xfixes0-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xinerama0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xkb1
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xkb1-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb-xv0
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb1
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
libxcb1-32bit
suse enterprise sap 12 SP3
1.10-4.3.1
fixed
suse enterprise server 12 SP3
1.10-4.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gdm
RHEL 7
1:3.28.2-16.el7
fixed
gdm-devel
RHEL 7
1:3.28.2-16.el7
fixed
gdm-pam-extensions-devel
RHEL 7
1:3.28.2-16.el7
fixed
libX11
RHEL 7
0:1.6.7-2.el7
fixed
libX11-common
RHEL 7
0:1.6.7-2.el7
fixed
libX11-devel
RHEL 7
0:1.6.7-2.el7
fixed
libxkbcommon
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-devel
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-x11
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-x11-devel
RHEL 7
0:0.7.1-3.el7
fixed
mesa-libGLw
RHEL 7
0:8.0.0-5.el7
fixed
mesa-libGLw-devel
RHEL 7
0:8.0.0-5.el7
fixed
xorg-x11-drv-ati
RHEL 7
0:19.0.1-2.el7
fixed
xorg-x11-drv-vesa
RHEL 7
0:2.4.0-3.el7
fixed
xorg-x11-drv-wacom
RHEL 7
0:0.36.1-3.el7
fixed
xorg-x11-drv-wacom-devel
RHEL 7
0:0.36.1-3.el7
fixed
xorg-x11-server-Xdmx
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xephyr
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xnest
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xorg
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xvfb
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xwayland
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-common
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-devel
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-source
RHEL 7
0:1.20.4-7.el7
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2018/08/21/6
http://www.securityfocus.com/bid/105177
http://www.securitytracker.com/id/1041543
https://access.redhat.com/errata/RHSA-2019:2079
https://bugzilla.suse.com/show_bug.cgi?id=1102062
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
https://security.gentoo.org/glsa/201811-01
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/
http://www.openwall.com/lists/oss-security/2018/08/21/6
http://www.securityfocus.com/bid/105177
http://www.securitytracker.com/id/1041543
https://access.redhat.com/errata/RHSA-2019:2079
https://bugzilla.suse.com/show_bug.cgi?id=1102062
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
https://security.gentoo.org/glsa/201811-01
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/