Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2018-14598

CVE-2018-14598

HIGH7.5

An issue was discovered in XListExtensions in ListExt

Published Aug 24, 2018

Modified 1 years ago

Details

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

References

http://www.openwall.com/lists/oss-security/2018/08/21/6

http://www.securityfocus.com/bid/105177

http://www.securitytracker.com/id/1041543

https://access.redhat.com/errata/RHSA-2019:2079

https://bugzilla.suse.com/show_bug.cgi?id=1102073

https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2

https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/

https://lists.x.org/archives/xorg-announce/2018-August/002916.html

https://security.gentoo.org/glsa/201811-01

https://usn.ubuntu.com/3758-1/

https://usn.ubuntu.com/3758-2/

https://www.cve.org/CVERecord?id=CVE-2018-14598

CVSS Analysis

CVSS v3.0

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedAug 24, 2018

ModifiedAug 5, 2024

CVE-2018-14598 | Mondoo Vulnerability Intelligence