Buffer Overflow Vulnerability in X.Org Server by The X.Org Foundation
CVE-2017-13723

7.8HIGH

Key Information:

Vendor

X.org

Status
Xorg-server
Vendor
CVE Published:
9 October 2017

What is CVE-2017-13723?

A buffer overflow vulnerability exists in X.Org Server prior to version 1.19.4. This flaw allows a local, authenticated attacker to exploit the system by injecting large or improperly formatted XKB related atoms. The attack can result in the overflow of a global buffer, potentially causing the X server to crash or leading to unpredictable behavior. The vulnerability can be exploited through the xkbcomp utility, which processes XKB definitions, thereby affecting system stability and security.

References

http://www.securityfocus.com/bid/101253
vdb-entryx_refsource_BID
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f1...
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2017/11/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.