Endianness Conversion Vulnerability in X.Org X Server by X.Org Foundation
CVE-2017-10972

6.5MEDIUM

Key Information:

Vendor

X.org

Status
Xorg-server
Vendor
CVE Published:
6 July 2017

What is CVE-2017-10972?

A vulnerability exists in the X.Org X Server that occurs due to uninitialized data in the endianness conversion process within its XEvent handling. This flaw enables authenticated malicious users to exploit the system and access potentially privileged data from the X server. This can lead to unauthorized information disclosure, posing a risk to the integrity and confidentiality of the system.

References

http://www.debian.org/security/2017/dsa-3905
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/99543
vdb-entryx_refsource_BID
https://cgit.freedesktop.org/xorg/xserver/commit/?id=0544...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.