CVE-2017-12178: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	xorg-server	< xorg-server 2:1.19.5-1 (bookworm)	xorg-server 2:1.19.5-1 (bookworm)
the_x.org_foundation	xorg-x11-server	—	—
x.org	x_server	< 1.19.5	1.19.5
x.org	xorg-server	>= 0 < 2:1.19.5-1	2:1.19.5-1
x.org	xorg-server	>= 0 < 2:1.19.5-1	2:1.19.5-1
x.org	xorg-server	>= 0 < 2:1.19.5-1	2:1.19.5-1
x.org	xorg-server	>= 0 < 2:1.19.5-1	2:1.19.5-1

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL