Buffer Overflow Vulnerability in X.org libXrender by X Window System
CVE-2016-7949

9.8CRITICAL

Key Information:

Vendor

X.org

Status
Libxrender
Vendor
CVE Published:
13 December 2016

What is CVE-2016-7949?

The vulnerability involves multiple buffer overflows in the X.org libXrender library, specifically within the XvQueryAdaptors and XvQueryEncodings functions. This flaw allows remote X servers to initiate out-of-bounds write operations, which can be exploited via specially crafted length fields. The issue has been addressed in subsequent versions of the library, emphasizing the importance of keeping software up-to-date to mitigate potential security risks.

References

http://www.securitytracker.com/id/1036945
vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201704-03
vendor-advisoryx_refsource_GENTOO
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.