CVE-2016-7942 — Out-of-bounds Write in Libx11

CWE-264 CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

4.7%

top 10.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libx11 Fedoraproject Fedora

Timeline

PublishedDec 13

Latest updateMay 14

Description

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debianx.org/libx11< 2:1.6.4-1+3

▶Ubuntux.org/libx11< 2:1.6.2-1ubuntu2.1+2

▶NVDx.org/libx111.6.3

Also affects: Fedora 25

🔴Vulnerability Details

GHSA

GHSA-22xc-96jv-r6q2: The XGetImage function in X↗2022-05-14

▶

OSV

libx11 vulnerabilities↗2018-08-30

▶

CVEList

CVE-2016-7942: The XGetImage function in X↗2016-12-13

▶

OSV

CVE-2016-7942: The XGetImage function in X↗2016-12-13

▶

📋Vendor Advisories

Ubuntu

libx11 vulnerabilities↗2018-08-30

▶

Ubuntu

libx11 vulnerabilities↗2018-08-30

▶

Red Hat

libX11: Insufficient validation of server responses in XGetImage()↗2016-09-25

▶

Debian

CVE-2016-7942: libx11 - The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers...↗2016

▶

💬Community

Bugzilla

CVE-2016-7942 libX11: Insufficient validation of server responses in XGetImage()↗2016-10-05

▶

Bugzilla

CVE-2016-7942 CVE-2016-7943 libX11: various flaws [fedora-all]↗2016-10-05

▶