Connect with us

Hi, what are you looking for?



X.Org Library Flaws Allow Privilege Escalation, DoS Attacks

X.Org developers released patches and updates to address over a dozen vulnerabilities found in several client libraries. The flaws can be exploited by local or remote attackers to cause a denial-of-service (DoS) condition or escalate privileges.

X.Org developers released patches and updates to address over a dozen vulnerabilities found in several client libraries. The flaws can be exploited by local or remote attackers to cause a denial-of-service (DoS) condition or escalate privileges.

X.Org is a popular open source implementation of the X Windows System (also known as X11, X or X-Windows), the graphical windowing system used by Unix and Linux operating systems. The X.Org (Xorg) libraries provide the routines used within X-Windows applications.

Tobias Stoeckmann of the OpenBSD Project discovered that many of these client libraries don’t sufficiently validate the responses they receive from servers, which introduces vulnerabilities that could be exploited by local or remote attackers.

Here is a short description of the vulnerabilities, their CVE identifiers and the libraries they affect:

  • libX11 version 1.6.3 and earlier – out-of-bounds memory read or write error (CVE-2016-7942, CVE-2016-7943);
  • libXfixes version 5.0.2 and earlier – integer overflow on 32-bit systems (CVE-2016-7944);
  • libXi version 1.7.6 and earlier – DoS condition via out-of-bounds memory access error or endless loop (CVE-2016-7945, CVE-2016-7946);
  • libXrandr version 1.5.0 and earlier – out-of-bounds memory write (CVE-2016-7947, CVE-2016-7948);
  • libXrender version 0.9.9 and earlier – out-of-bounds memory write (CVE-2016-7949, CVE-2016-7950);
  • XRecord version 1.2.2 and earlier – DoS condition via out of boundary memory access or endless loops (CVE-2016-7951, CVE-2016-7952);
  • libXv version 1.0.10 and earlier – memory corruption (CVE-2016-5407);
  • ibXvMC version 1.0.9 and earlier – buffer read underflow (CVE-2016-7953).

In an advisory published this week, the X.Org Foundation explained that most of the flaws are caused by the fact that the client libraries trust the server to send correct protocol data, not taking into consideration that the values could cause an overflow or other damage.

“Most of the time X clients & servers are run by the same user, with the server more privileged than the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges,” said X.Org developer Matthieu Herrb.

Related: Several Vulnerabilities Patched in Libarchive Library

Related: “Libotr” Library Flaw Exposes Popular IM Apps

Advertisement. Scroll to continue reading.

Related: Remote Code Execution Flaw Patched in glibc Library

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.