CVE-2017-10972

Published: 06/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server prior to 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

Vendor Advisories

Debian Bug report logs - #867492: xorg-server: CVE-2017-10971 CVE-2017-10972. Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 6 Jul 2017 20:42:02 UTC; Severity: grave; Tags: fixed-upstream, pat ...
Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak. For the oldstable distribution (jessie), these problems have been fixed in version 2:1.16.4-1+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 2:1.19.2-1+deb9u1. Setups running root-l ...
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server ...
Arch Linux Security Advisory ASA-201708-11. Severity: High; Date: 2017-08-14; CVE-ID: CVE-2017-10971 CVE-2017-10972; Package: xorg-server; Type: multiple issues; Remote: Yes; Link: security.archlinux.org/AVG-341. Summary: The package xorg-server before version 1.19.3-3 is vulnera ...
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server on v1.19.3 and before allowed authenticated malicious users to access potentially privileged data from the X server ...
Oracle Solaris Third Party Bulletin - July 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...