CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:16

Type Values Removed Values Added
References () http://security.cucumberlinux.com/security/details.php?id=155 - Third Party Advisory () http://security.cucumberlinux.com/security/details.php?id=155 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2017/11/28/7 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2017/11/28/7 - Mailing List, Patch, Third Party Advisory
References () http://www.ubuntu.com/usn/USN-3500-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-3500-1 - Third Party Advisory
References () https://bugzilla.suse.com/show_bug.cgi?id=1050459 - Issue Tracking, Tool Signature, VDB Entry () https://bugzilla.suse.com/show_bug.cgi?id=1050459 - Issue Tracking, Tool Signature, VDB Entry
References () https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html - Issue Tracking, Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html - Issue Tracking, Mailing List, Third Party Advisory
References () https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 - Patch, Third Party Advisory () https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 - Patch, Third Party Advisory
References () https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 - Patch, Third Party Advisory () https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 - Patch, Third Party Advisory
References () https://security.gentoo.org/glsa/201801-10 - Third Party Advisory () https://security.gentoo.org/glsa/201801-10 - Third Party Advisory

20 Feb 2022, 06:06

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 4.9
v3 : 5.5
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html - Issue Tracking, Mailing List, Third Party Advisory

26 Jan 2022, 02:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html -

Information

Published : 2017-12-01 17:29

Updated : 2024-11-21 03:16


NVD link : CVE-2017-16611

Mitre link : CVE-2017-16611

CVE.ORG link : CVE-2017-16611


JSON object : View

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

x

  • libxfont
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')