Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-7949

Published: 13/12/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to X.org

Vulnerability Summary

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender prior to 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org libxrender

fedoraproject fedora 25

fedoraproject fedora 24

Vendor Advisories

Debian CVElist Bug Report Logs: 840443 CVE-2016-7949 CVE-2016-7950
Debian Bug report logs - #840443 840443 CVE-2016-7949 CVE-2016-7950 Package: src:libxrender; Maintainer for src:libxrender is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Oct 2016 15:51:02 UTC Severity: important Tags: patch, security, upstream ...
Ubuntu Security Notice: USN-5436-1: libXrender vulnerabilities
Several security issues were fixed in libXrender ...
Red Hat: CVE-2016-7949
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in Xorg libXrender before 0910 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields ...

References

CWE-20CWE-787http://www.securitytracker.com/id/1036945https://security.gentoo.org/glsa/201704-03https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4https://lists.x.org/archives/xorg-announce/2016-October/002720.htmlhttp://www.securityfocus.com/bid/93366https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/http://www.openwall.com/lists/oss-security/2016/10/04/4https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/http://www.openwall.com/lists/oss-security/2016/10/04/2https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840443https://ubuntu.com/security/notices/USN-5436-1https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook