CVE-2012-2118

EUVD-2012-2120
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
x.orgx11
1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bookworm
2:21.1.7-3+deb12u7
fixed
bookworm (security)
2:21.1.7-3+deb12u8
fixed
bullseye
2:1.20.11-1+deb11u13
fixed
bullseye (security)
2:1.20.11-1+deb11u14
fixed
sid
2:21.1.14-1
fixed
squeeze
not-affected
trixie
2:21.1.14-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg-server
hardy
not-affected
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
Fixed 2:1.11.4-0ubuntu10.5
released
quantal
not-affected
Common Weakness Enumeration
References
http://patchwork.freedesktop.org/patch/10001/
http://www.openwall.com/lists/oss-security/2012/04/18/8
http://www.openwall.com/lists/oss-security/2012/04/19/2
http://www.securityfocus.com/bid/53150
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
http://patchwork.freedesktop.org/patch/10001/
http://www.openwall.com/lists/oss-security/2012/04/18/8
http://www.openwall.com/lists/oss-security/2012/04/19/2
http://www.securityfocus.com/bid/53150
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930