Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the
way libX11 handles locales. The integer overflow is a necessary
precursor to the double free.

Patches
-------

A patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

    Fix an integer overflow in init_om()

    CVE-2020-14363

    This can lead to a double free later, as reported by Jayden Rivers.

Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding it and providing fixes.

--
Matthieu Herrb