CVE-2017-10971

Published: 06/07/2017 Updated: 04/11/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In the X.Org X server prior to 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Vendor Advisories

Debian Bug report logs - #867492 xorg-server: CVE-2017-10971 CVE-2017-10972. Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 6 Jul 2017 20:42:02 UTC; Severity: grave; Tags: fixed-upstream, pat ...
Two security issues have been discovered in the X.Org X server, which may lead to privilege escalation or an information leak. For the oldstable distribution (jessie), these problems have been fixed in version 2:1.16.4-1+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 2:1.19.2-1+deb9u1. Setups running root-l ...
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events ...
Arch Linux Security Advisory ASA-201708-11
Severity: High
Date    : 2017-08-14
CVE-ID  : CVE-2017-10971 CVE-2017-10972
Package : xorg-server
Type    : multiple issues
Remote  : Yes
Link    : security.archlinux.org/AVG-341
Summary: The package xorg-server before version 1.19.3-3 is vulnera ...
In the X.Org X server on v1.19.3, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events ...
Oracle Solaris Third Party Bulletin - July 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...