CVE-2012-2118 — Improper Input Validation in X11

CWE-20 — Improper Input Validation9 documents8 sources

Severity

10.0CRITICALNVD

EPSS

2.1%

top 15.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X11

Timeline

PublishedMay 18

Latest updateMay 17

Description

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.12.1.902-1+3

▶NVDx.org/x111.11

Patches

Patch: patchwork.freedesktop.org ↗Patch: patchwork.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-wqgf-h892-f3cp: Format string vulnerability in the LogVHdrMessageVerb function in os/log↗2022-05-17

▶

OSV

CVE-2012-2118: Format string vulnerability in the LogVHdrMessageVerb function in os/log↗2012-05-18

▶

CVEList

CVE-2012-2118: Format string vulnerability in the LogVHdrMessageVerb function in os/log↗2012-05-18

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerability↗2012-07-11

▶

Red Hat

xorg-x11-server: Input device name logging format string flaw↗2012-04-18

▶

Debian

CVE-2012-2118: xorg-server - Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X....↗2012

▶

💬Community

Bugzilla

CVE-2012-2118 xorg-x11-server: Input device name logging format string flaw↗2012-04-19

▶

Bugzilla

CVE-2012-2118 xorg-x11-server: Input device name logging format string flaw [fedora-all]↗2012-04-19

▶