CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Published: Aug 5, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-14344
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
x.org / libx11	-	1.6.10
fedoraproject / fedora	31	31.x
fedoraproject / fedora	32	32.x
fedoraproject / fedora	33	33.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	12.04	12.04.x
opensuse / leap	15.1	15.1.x
opensuse / leap	15.2	15.2.x

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
https://security.gentoo.org/glsa/202008-18
https://usn.ubuntu.com/4487-1/
https://usn.ubuntu.com/4487-2/
https://www.openwall.com/lists/oss-security/2020/07/31/1

Vulnerability Database

309,961

CVE-2020-14344

Deep Security Visibility Without the Complexity