Vulnerability Details: CVE-2016-7946
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
Vulnerability category: Denial of service
Products affected by CVE-2016-7946
- cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7946
- 0.39%: Probability of exploitation activity in the next 30 days
- ~57%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7946
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-7946
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7946
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
  X.Org security advisory: Protocol handling issues in X Window System client libraries
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
  [SECURITY] Fedora 25 Update: libXi-1.7.7-1.fc25 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
  [SECURITY] Fedora 24 Update: libXi-1.7.7-1.fc24 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- http://www.securityfocus.com/bid/93374
  X.Org libXi CVE-2016-7946 Multiple Unspecified Security Vulnerabilities
- https://security.gentoo.org/glsa/201704-03
  X.Org: Multiple vulnerabilities (GLSA 201704-03) — Gentoo security
- http://www.securitytracker.com/id/1036945
  X Client Library Bugs Let Remote and Local Users Deny Service or Gain Elevated Privileges - SecurityTracker
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
  [SECURITY] Fedora 25 Update: libXi-1.7.7-1.fc25 - package-announce - Fedora Mailing-Lists
- https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
  xorg/lib/libXi - X.org libXi Client library for XInput. (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxi)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
  [SECURITY] Fedora 24 Update: libXi-1.7.7-1.fc24 - package-announce - Fedora Mailing-Lists
- http://www.openwall.com/lists/oss-security/2016/10/04/4
  oss-security - Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
- http://www.openwall.com/lists/oss-security/2016/10/04/2
  oss-security - X.Org security advisory: Protocol handling issues in X Window System client libraries