A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-18T04:31:07.908Z

Updated: 2024-11-23T02:52:08.911Z

Reserved: 2023-12-14T04:34:38.017Z

Link: CVE-2023-6816

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-18T05:15:08.607

Modified: 2024-11-21T08:44:37.033

Link: CVE-2023-6816

cve-icon Redhat

Severity : Important

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2023-6816 - Bugzilla