CyberSec.Space Logo
Back to CVE Browser

CVE-2016-7942

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile27.41th
PublishedDec 13, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

Affected Platforms (CPE)

πŸ’»
Fedoraproject

Fedora

= 25
πŸ“¦
X.org

Libx11

<= 1.6.3

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/10/04/2
πŸ”— http://www.openwall.com/lists/oss-security/2016/10/04/4
πŸ”— http://www.securityfocus.com/bid/93363
πŸ”— http://www.securitytracker.com/id/1036945
πŸ”— https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/
πŸ”— https://lists.x.org/archives/xorg-announce/2016-October/002720.html
πŸ”— https://security.gentoo.org/glsa/201704-03

Related Vulnerabilities

CVE-2009-189610.0

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedo...

CVE-2012-265310.0

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might...

CVE-2006-374210.0

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a ...

CVE-2017-121709.8

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configur...