There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free (CVE-2020-14363).
{ "section": "core" }