cbcvebase.
CVE-2017-13723
published 2017-10-10

CVE-2017-13723: In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of…

high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

Affected

10 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debianxorg-server< xorg-server 2:1.19.4-1 (bookworm)xorg-server 2:1.19.4-1 (bookworm)
x.orgx_server<= 1.19.3
x.orgxorg-server>= 0 < 2:1.19.4-12:1.19.4-1
x.orgxorg-server>= 0 < 2:1.19.4-12:1.19.4-1
x.orgxorg-server>= 0 < 2:1.19.4-12:1.19.4-1
x.orgxorg-server>= 0 < 2:1.19.4-12:1.19.4-1
x.orgxorg-server>= 0 < 2:1.15.1-0ubuntu2.102:1.15.1-0ubuntu2.10
x.orgxorg-server>= 0 < 2:1.18.4-0ubuntu0.62:1.18.4-0ubuntu0.6

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH