CVE-2016-7943 — Out-of-bounds Write in Libx11

CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

4.4%

top 10.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libx11 Fedoraproject Fedora

Timeline

PublishedDec 13

Latest updateMay 14

Description

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debianx.org/libx11< 2:1.6.4-1+3

▶Ubuntux.org/libx11< 2:1.6.2-1ubuntu2.1+2

▶NVDx.org/libx111.6.3

Also affects: Fedora 25

🔴Vulnerability Details

GHSA

GHSA-84fh-jqg7-vh26: The XListFonts function in X↗2022-05-14

▶

OSV

libx11 vulnerabilities↗2018-08-30

▶

CVEList

CVE-2016-7943: The XListFonts function in X↗2016-12-13

▶

OSV

CVE-2016-7943: The XListFonts function in X↗2016-12-13

▶

📋Vendor Advisories

Ubuntu

libx11 vulnerabilities↗2018-08-30

▶

Ubuntu

libx11 vulnerabilities↗2018-08-30

▶

Red Hat

libX11: Insufficient validation of server responses in FontNames↗2016-09-25

▶

Debian

CVE-2016-7943: libx11 - The XListFonts function in X.org libX11 before 1.6.4 might allow remote X server...↗2016

▶

💬Community

Bugzilla

CVE-2016-7943 libX11: Insufficient validation of server responses in FontNames↗2016-10-05

▶

Bugzilla

CVE-2016-7942 CVE-2016-7943 libX11: various flaws [fedora-all]↗2016-10-05

▶