CVE-2017-12178
24.01.2018, 15:29
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.Enginsight
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | 𝑥 < 1.19.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||
|---|---|---|---|---|---|---|---|
| xorg |
| ||||||
| xorg-hwe-16.04 |
| ||||||
| xorg-server |
| ||||||
| xorg-server-hwe-16.04 |
| ||||||
| xorg-server-lts-utopic |
| ||||||
| xorg-server-lts-vivid |
| ||||||
| xorg-server-lts-wily |
| ||||||
| xorg-server-lts-xenial |
|
Common Weakness Enumeration
- CWE-391 - Unchecked Error Condition[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References