The XQueryKeymap() function returns a bit vector for the logical state of the keyboard, where each bit set to 1 indicates that the corresponding key is currently pressed down. The vector is represented as 32 bytes. Byte N (from 0) contains the bits for keys 8N to 8N + 7 with the least-significant bit in the byte representing key 8N.
– 0day: 03/06/2017
– Vulnerable (tested) library: libx11-6 / Version: 2:1.6.4-3
– Debian package: libx11-6_1.6.4-3_amd64.deb (8ad41adbd147ffe4bf64c50efcac497b)
– Tested at: Intel/x86_64 – Debian 4.9.25-1 (stretch)
git clone https://github.com/epsylon/x11-stack-corruption && cd x11-stack-corruption