CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-7943

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile35.97th
Published2016年12月13日
Last Modified2026年5月6日

Vulnerability Description

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

Affected Platforms (CPE)

💻
Fedoraproject

Fedora

= 25
📦
X.org

Libx11

<= 1.6.3

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/10/04/2
🔗 http://www.openwall.com/lists/oss-security/2016/10/04/4
🔗 http://www.securityfocus.com/bid/93362
🔗 http://www.securitytracker.com/id/1036945
🔗 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/
🔗 https://lists.x.org/archives/xorg-announce/2016-October/002720.html
🔗 https://security.gentoo.org/glsa/201704-03

相关漏洞威胁

CVE-2009-189610.0

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedo...

CVE-2012-265310.0

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might...

CVE-2006-374210.0

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a ...

CVE-2017-121709.8

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configur...