CVE-2019-17624

moderate-risk
Published 2019-10-16

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

Do I need to act?

!
16.2% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47507
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

X.Org

References (6)

Third Party Advisory http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Ov...
Exploit https://www.exploit-db.com/exploits/47507
Release Notes https://www.x.org/releases/individual/xserver/
Third Party Advisory http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Ov...
Exploit https://www.exploit-db.com/exploits/47507
Release Notes https://www.x.org/releases/individual/xserver/
42
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 13/34 · Low
Exposure 5/34 · Minimal