CVE-2017-16611

EUVD-2017-7802
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Link Following
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
EPSS Score
Percentile: 17%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.04 |
| canonical | ubuntu_linux | 17.10 |
| x | libxfont | 1.0.0 ≤ 𝑥 < 1.5.4 |
| x | libxfont | 2.0.0 ≤ 𝑥 < 2.0.3 |

𝑥 = Vulnerable software versions
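Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libxfont | bookworm | 1:2.0.6-1 | fixed |
| libxfont | bullseye | 1:2.0.4-1 | fixed |
| libxfont | jessie | | no-dsa |
| libxfont | sid | 1:2.0.6-1 | fixed |
| libxfont | trixie | 1:2.0.6-1 | fixed |
| libxfont | wheezy | | postponed |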
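Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| libxfont | artful | Fixed 1:2.0.1-3ubuntu1.1 | released |
| libxfont | trusty | Fixed 1:1.4.7-1ubuntu0.4 | released |
| libxfont | xenial | Fixed 1:1.5.1-1ubuntu0.16.04.4 | released |
| libxfont | zesty | Fixed 1:2.0.1-3ubuntu0.2 | released |
| libxfont1 | artful | Fixed 1:1.5.2-4ubuntu1.1 | released |
| libxfont1 | trusty | | dne |
| libxfont1 | xenial | | dne |
| libxfont1 | zesty | Fixed 1:1.5.2-4ubuntu0.2 | released |
| libxfont2 | artful | | dne |
| libxfont2 | trusty | | dne |
| libxfont2 | xenial | Fixed 1:2.0.1-3~ubuntu16.04.3 | released |
| libxfont2 | zesty | | dne |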