Bug 2136412 (CVE-2022-3555)

Summary: CVE-2022-3555 libX11: memory leak in _XFreeX11XCBStructure() of xcb_disp.c
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: adudiak, ajax, bdettelb, caswilli, dffrench, dkuc, fjansen, gzaronik, jburrell, jkoehler, jwong, kaycoth, kshier, micjohns, mrehak, ndegraef, ngough, rgodfrey, sthirugn
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: libX11 1.7.4
Doc Text:
A flaw was found in the libX11 package in the _XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.
Bug Depends On: 2136422, 2139792, 2139793, 2139794    
Bug Blocks: 2136424    

Description TEJ RATHI 2022-10-20 08:48:32 UTC
A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to a memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055.

https://vuldb.com/?id.211055
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af

Comment 1 TEJ RATHI 2022-10-20 09:05:19 UTC
Created libX11 tracking bugs for this issue:

Affects: fedora-all [bug 2136422]