Debian Security Advisory

DLA-654-1 libxfixes -- LTS security update

Date Reported:
14 Oct 2016
Affected Packages:
libxfixes
Security database references:
In the Debian bugtracking system: Bug 840442.
In Mitre's CVE dictionary: CVE-2016-7944.
More information:

It was discovered that there was an integer overflow in libxfixes, a library providing a client interface to the X11 XFIXES extension.

The 32-bit field rep.length was not checked for validity, which allowed an integer overflow on 32-bit systems. A malicious server could send INT_MAX as the length, which was then multiplied by the size of XRectangle. In this case the client would not read all of the data from the server and would get out of sync with it.
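The wraparound described above, as an added example that is not taken from libxfixes or from this advisory: it emulates 32-bit size arithmetic with `uint32_t` so the result is the same on any host, and shows a bounds check that rejects the oversized length. The names `rect_t`, `bytes_unchecked`, `bytes_checked` and `unread_bytes` are hypothetical, and `rect_t` is a local stand-in assumed to match the 8-byte layout of XRectangle.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in (assumption): same 8-byte layout as Xlib's XRectangle,
   defined here so the example builds without the X11 headers. */
typedef struct {
    int16_t  x, y;
    uint16_t width, height;
} rect_t;

/* Unchecked: the product is computed in 32 bits, as size_t arithmetic
   would be on a 32-bit system, so a large length silently wraps. */
static uint32_t bytes_unchecked(uint32_t length)
{
    return length * (uint32_t)sizeof(rect_t);
}

/* Checked: refuse any length whose product does not fit in 32 bits.
   Returns 0 and stores the byte count on success, -1 on overflow. */
static int bytes_checked(uint32_t length, uint32_t *out)
{
    if (length > UINT32_MAX / sizeof(rect_t))
        return -1;
    *out = length * (uint32_t)sizeof(rect_t);
    return 0;
}

/* Bytes announced by the peer that a client using the wrapped value
   would leave unread on the connection (the "out of sync" condition). */
static uint64_t unread_bytes(uint32_t length)
{
    return (uint64_t)length * sizeof(rect_t) - bytes_unchecked(length);
}

int main(void)
{
    /* Constructed sample lengths: one ordinary, one hostile (INT_MAX). */
    uint32_t lengths[] = { 4, (uint32_t)INT_MAX };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        uint32_t n = 0;
        int rc = bytes_checked(lengths[i], &n);
        printf("length=%u wrapped=%u unread=%llu checked=%s\n",
               (unsigned)lengths[i], (unsigned)bytes_unchecked(lengths[i]),
               (unsigned long long)unread_bytes(lengths[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```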

For Debian 7 Wheezy, this issue has been fixed in libxfixes version 1:5.0-4+deb7u2.

We recommend that you upgrade your libxfixes packages.