Vulnerability Details CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.9
References
- http://security.cucumberlinux.com/security/details.php?id=155
- http://www.openwall.com/lists/oss-security/2017/11/28/7
- http://www.ubuntu.com/usn/USN-3500-1
- https://bugzilla.suse.com/show_bug.cgi?id=1050459
- https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html
- https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
- https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
- https://security.gentoo.org/glsa/201801-10
- http://security.cucumberlinux.com/security/details.php?id=155
- http://www.openwall.com/lists/oss-security/2017/11/28/7
- http://www.ubuntu.com/usn/USN-3500-1
- https://bugzilla.suse.com/show_bug.cgi?id=1050459
- https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html
- https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
- https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
- https://security.gentoo.org/glsa/201801-10
Products affected by CVE-2017-16611
-
cpe:2.3:a:x:libxfont:1.0.0
-
cpe:2.3:a:x:libxfont:1.1.0
-
cpe:2.3:a:x:libxfont:1.2.0
-
cpe:2.3:a:x:libxfont:1.2.1
-
cpe:2.3:a:x:libxfont:1.2.2
-
cpe:2.3:a:x:libxfont:1.2.3
-
cpe:2.3:a:x:libxfont:1.2.4
-
cpe:2.3:a:x:libxfont:1.2.5
-
cpe:2.3:a:x:libxfont:1.2.6
-
cpe:2.3:a:x:libxfont:1.2.7
-
cpe:2.3:a:x:libxfont:1.2.8
-
cpe:2.3:a:x:libxfont:1.2.9
-
cpe:2.3:a:x:libxfont:1.3.0
-
cpe:2.3:a:x:libxfont:1.3.1
-
cpe:2.3:a:x:libxfont:1.3.2
-
cpe:2.3:a:x:libxfont:1.3.3
-
cpe:2.3:a:x:libxfont:1.3.4
-
cpe:2.3:a:x:libxfont:1.4.0
-
cpe:2.3:a:x:libxfont:1.4.1
-
cpe:2.3:a:x:libxfont:1.4.2
-
cpe:2.3:a:x:libxfont:1.4.3
-
cpe:2.3:a:x:libxfont:1.4.4
-
cpe:2.3:a:x:libxfont:1.4.5
-
cpe:2.3:a:x:libxfont:1.4.6
-
cpe:2.3:a:x:libxfont:1.4.7
-
cpe:2.3:a:x:libxfont:1.4.8
-
cpe:2.3:a:x:libxfont:1.4.9
-
cpe:2.3:a:x:libxfont:1.4.99
-
cpe:2.3:a:x:libxfont:1.4.99.901
-
cpe:2.3:a:x:libxfont:1.5.0
-
cpe:2.3:a:x:libxfont:1.5.1
-
cpe:2.3:a:x:libxfont:1.5.2
-
cpe:2.3:a:x:libxfont:1.5.3
-
cpe:2.3:a:x:libxfont:2.0.0
-
cpe:2.3:a:x:libxfont:2.0.1
-
cpe:2.3:a:x:libxfont:2.0.2
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.10
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0