Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2023-5367 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-5367

CVE-2023-5367

HIGH7.8

Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

Published Oct 25, 2023

Modified 3 months ago

Details

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

References(33)

https://access.redhat.com/errata/RHSA-2023:6802

https://access.redhat.com/errata/RHSA-2023:6808

https://access.redhat.com/errata/RHSA-2023:7373

https://access.redhat.com/errata/RHSA-2023:7388

https://access.redhat.com/errata/RHSA-2023:7405

https://access.redhat.com/errata/RHSA-2023:7428

https://access.redhat.com/errata/RHSA-2023:7436

https://access.redhat.com/errata/RHSA-2023:7526

https://access.redhat.com/errata/RHSA-2023:7533

https://access.redhat.com/errata/RHSA-2024:0010

https://access.redhat.com/errata/RHSA-2024:0128

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2025:12751

https://access.redhat.com/security/cve/CVE-2023-5367

https://bugzilla.redhat.com/show_bug.cgi?id=2243091

https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Memory Safety

Out-of-bounds Write

Ecosystems

Timeline

PublishedOct 25, 2023

ModifiedNov 6, 2025