CVE-2016-7950

Published on: 12/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

  • CVE-2016-7950 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • xorg/lib/libXrender - RENDER extension library
    Tags: Issue Tracking, Patch
    Site: cgit.freedesktop.org
    Link: CONFIRM cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
  • [SECURITY] Fedora 25 Update: libXrender-0.9.10-1.fc25 - package-announce - Fedora Mailing-Lists
    Tags: Third Party Advisory
    Site: lists.fedoraproject.org
    Link: FEDORA FEDORA-2016-ade20198ff
  • oss-security - Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Mailing List, Third Party Advisory
    Site: www.openwall.com
    Link: MLIST [oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
  • [SECURITY] Fedora 24 Update: libXrender-0.9.10-1.fc24 - package-announce - Fedora Mailing-Lists
    Tags: Third Party Advisory
    Site: lists.fedoraproject.org
    Link: FEDORA FEDORA-2016-8877cf648b
  • X Client Library Bugs Let Remote and Local Users Deny Service or Gain Elevated Privileges - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Site: www.securitytracker.com
    Link: SECTRACK 1036945
  • X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Vendor Advisory
    Site: lists.x.org
    Link: MLIST [xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
  • oss-security - X.Org security advisory: Protocol handling issues in X Window System client libraries
    Tags: Mailing List, Third Party Advisory
    Site: www.openwall.com
    Link: MLIST [oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
  • X.Org libXrender CVE-2016-7950 Out of Bounds Write Denial of Service Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Site: cve.report (archive)
    Link: BID 93369
  • X.Org: Multiple vulnerabilities (GLSA 201704-03) — Gentoo Security
    Site: security.gentoo.org
    Link: GENTOO GLSA-201704-03

Known Affected Configurations (CPE V2.3)

  • Type: Operating System; Vendor: Fedoraproject; Product: Fedora; Version: 24; Update: All; Edition: All; Language: All
  • Type: Operating System; Vendor: Fedoraproject; Product: Fedora; Version: 25; Update: All; Edition: All; Language: All
  • Type: Application; Vendor: X.org; Product: Libxrender; Version: All; Update: All; Edition: All; Language: All

  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:libxrender:*:*:*:*:*:*:*:*