It was found that when receiving a response from the server protocol data is not validated sufficiently. A check is needed if enough bytes were received for specified image type and geometry. Otherwise GetPixel and other functions could trigger an out of boundary read. Upstream patch: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 External References: https://lists.x.org/archives/xorg-announce/2016-October/002720.html CVE assignment: http://seclists.org/oss-sec/2016/q4/17
Created libX11 tracking bugs for this issue: Affects: fedora-all [bug 1381863]