Updated 17 October 2023 (IGEL OS 11.09.100 available)

First published 6 October 2023

CVSS 3.1: 5.5 (Medium)

Multiple issues have been found in the libX11 and libXpm libraries published by X.Org, which are used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

The first issue (CVE-2023-43785) can be triggered by connecting to an X server that sends specially crafted replies to X11 protocol requests – this can happen with an X Session from IGEL OS. It can lead to an out-of-bounds memory access and is rated as medium.

The other four issues (CVE-2023-43786, CVE-2023-43787, CVE-2023-43788 and CVE-2023-43789) can be triggered by opening specially crafted XPM format image files via libXpm and can exhaust the stack, lead to a heap overflow or cause an out-of-bounds read. They are all rated as medium.

Update Instructions

  • OS 12: IGEL is preparing an updated Base system for OS 12.
  • OS 11: Update to IGEL OS 11.09.100 or newer.