Vulnerability Details : CVE-2017-12182
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Vulnerability category: Input validationExecute code
Products affected by CVE-2017-12182
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12182
0.79%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12182
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-12182
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-12182
-
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
xorg/xserver - X server (mirrored from https://gitlab.freedesktop.org/xorg/xserver)Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
[SECURITY] [DLA 1186-1] xorg-server security updateMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1509223
1509223 – (CVE-2017-12182) CVE-2017-12182 xorg-x11-server: unvalidated lengths in XFree86 DRI extensionIssue Tracking;VDB Entry;Patch;Third Party Advisory
-
https://www.debian.org/security/2017/dsa-4000
Debian -- Security Information -- DSA-4000-1 xorg-serverThird Party Advisory
-
https://security.gentoo.org/glsa/201711-05
X.Org Server: Multiple vulnerabilities (GLSA 201711-05) — Gentoo securityThird Party Advisory;VDB Entry
Jump to