Your submission was sent successfully! Close

CVE-2016-7945

Published: 13 December 2016

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libxi
Launchpad, Ubuntu, Debian 		Upstream
Released (1.7.7)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(2:1.7.8-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2:1.7.8-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2:1.7.8-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2:1.7.8-1)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5

Notes

AuthorNote
sbeattie 
same commit for CVE-2016-7946
mdeslaur 
possible regression: https://bugs.freedesktop.org/show_bug.cgi?id=98204

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading