Your submission was sent successfully! Close

CVE-2017-12187

Published: 12 October 2017

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Not vulnerable

xenial Not vulnerable
(code not present)
zesty Not vulnerable
(code not present)
xorg-hwe-16.04
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Not vulnerable

xenial Not vulnerable
(code not present)
zesty Does not exist

xorg-server
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2:1.15.1-0ubuntu2.11)
upstream
Released (1.19.5)
xenial
Released (2:1.18.4-0ubuntu0.7)
zesty
Released (2:1.19.3-1ubuntu1.3)
xorg-server-hwe-16.04
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (1.19.5)
xenial
Released (2:1.19.3-1ubuntu1~16.04.4)
zesty Does not exist

xorg-server-lts-utopic
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-vivid
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-wily
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-xenial
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [2:1.18.3-1ubuntu2.3~trusty4])
upstream
Released (1.19.5)
xenial Does not exist

zesty Does not exist