CVE-2016-7942

Published on: 12/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

  • CVE-2016-7942 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • oss-security - Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Mailing List, Patch, Third Party Advisory
    Link: www.openwall.com (MLIST [oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries)
  • xorg/lib/libX11 - libX11 GIT Repository
    Tags: Issue Tracking, Patch
    Link: cgit.freedesktop.org (CONFIRM cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17)
  • X Client Library Bugs Let Remote and Local Users Deny Service or Gain Elevated Privileges - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Link: www.securitytracker.com (SECTRACK 1036945)
  • X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Vendor Advisory
    Link: lists.x.org (MLIST [xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries)
  • oss-security - X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Mailing List, Third Party Advisory
    Link: www.openwall.com (MLIST [oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries)
  • [SECURITY] Fedora 25 Update: libX11-1.6.4-1.fc25 - package-announce - Fedora Mailing-Lists
    Tags: Third Party Advisory
    Link: lists.fedoraproject.org (FEDORA FEDORA-2016-0df69ab477)
  • X.Org: Multiple vulnerabilities (GLSA 201704-03) — Gentoo Security
    Link: security.gentoo.org (GENTOO GLSA-201704-03)
  • USN-3758-1: libx11 vulnerabilities | Ubuntu security notices
    Link: usn.ubuntu.com (UBUNTU USN-3758-1)
  • USN-3758-2: libx11 vulnerabilities | Ubuntu security notices
    Link: usn.ubuntu.com (UBUNTU USN-3758-2)
  • X.Org libX11 CVE-2016-7942 Memory Corruption Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: cve.report (archive) (BID 93363)

Known Affected Configurations (CPE V2.3)

  • Type: Operating System; Vendor: Fedoraproject; Product: Fedora; Version: 25; Update: All; Edition: All; Language: All
  • Type: Application; Vendor: X.org; Product: Libx11; Version: All; Update: All; Edition: All; Language: All

  • cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*