CVE-2023-43787: 
NixOS vulnerability analysis and mitigation

A critical security vulnerability (CVE-2023-43787) was discovered in libX11, affecting versions prior to 1.8.7. The vulnerability was found in the XCreateImage() function, which was introduced in X11R2 (released February 1988) and fixed in libX11 version 1.8.7. The flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges (JFrog Blog, NVD).

The vulnerability stems from an integer overflow condition within the XCreateImage() function of libX11. When the format is ZPixmap, it calculates bitsperpixel and uses the result to calculate the minbytesperline. Due to insufficient validation on the image width, the calculation exceeds the capacity of minbytesperline (a 4-byte integer), causing an overflow. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (JFrog Blog, NVD).

The successful exploitation of this vulnerability can lead to arbitrary code execution with elevated privileges. The impact includes potential disclosure of sensitive information, addition or modification of data, and system compromise. The vulnerability affects multiple systems and software that use libX11, making it a significant security risk (NetApp Security).

The vulnerability has been fixed in libX11 version 1.8.7. Users are advised to upgrade to this version or later. Red Hat has released security updates for affected versions through RHSA-2024:2145 for Red Hat Enterprise Linux 9 and RHSA-2024:2973 for Red Hat Enterprise Linux 8 (Red Hat Advisory, Red Hat Advisory).

The vulnerability was discovered and reported by Yair Mizrahi of the JFrog Vulnerability Research team, who also provided the fix. The security community has acknowledged the severity of this long-standing vulnerability, which had existed in the codebase since February 1988 (OSS Security).