CVE-2016-7943

moderate-risk
Published 2016-12-13

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

Do I need to act?

~
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Libx11

Affected Vendors

X.Org Fedoraproject

References (20)

http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93362
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
https://security.gentoo.org/glsa/201704-03
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/
http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93362
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
https://security.gentoo.org/glsa/201704-03
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 7/34 · Low