PublicDateAtUSN: 2020-08-25 13:00:00 UTC
Candidate: CVE-2020-14363
CRD: 2020-08-25 13:00:00 UTC
PublicDate: 2020-09-11 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363
 https://lists.x.org/archives/xorg-announce/2020-August/003056.html
 https://ubuntu.com/security/notices/USN-4487-1
 https://ubuntu.com/security/notices/USN-4487-2
Description:
 An integer overflow vulnerability leading to a double-free was found in
 libX11. This flaw allows a local privileged attacker to cause an
 application compiled with libX11 to crash, or in some cases, result in
 arbitrary code execution. The highest threat from this flaw is to
 confidentiality, integrity as well as system availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Jayden Rivers
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_libx11:
 upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
upstream_libx11: needs-triage
precise/esm_libx11: released (2:1.4.99.1-0ubuntu2.5)
trusty_libx11: ignored (out of standard support)
trusty/esm_libx11: released (2:1.6.2-1ubuntu2.1+esm1)
xenial_libx11: released (2:1.6.3-1ubuntu2.2)
esm-infra/xenial_libx11: released (2:1.6.3-1ubuntu2.2)
bionic_libx11: released (2:1.6.4-3ubuntu0.3)
focal_libx11: released (2:1.6.9-2ubuntu1.1)
devel_libx11: not-affected (2:1.6.10-3)