CVE-2017-10971
HIGHX.Org X Server < 1.19.3 - Authenticated Stack Overflow in X Event Endianness Conversion
Title source: llmDescription
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
References (6)
Core 6
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99546
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3905
Mailing List, Third Party Advisory x_refsource_misc
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1035283
Mailing List, Third Party Advisory x_refsource_misc
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
Scores
CVSS v3
8.8
EPSS
0.0388
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
x.org/x_server
< 1.19.3
Published
Jul 06, 2017
Tracked Since
Feb 18, 2026