CVE-2016-7944: Integer Overflow
First published: Tue Dec 13 2016(Updated: )
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE LibXfixes | <=5.0.2 | |
| Red Hat Fedora | =24 | |
| Red Hat Fedora | =25 |
Remedy
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2016/10/04/2
- http://www.openwall.com/lists/oss-security/2016/10/04/4
- http://www.securityfocus.com/bid/93361
- http://www.securitytracker.com/id/1036945
- https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/
- https://lists.x.org/archives/xorg-announce/2016-October/002720.html
- https://security.gentoo.org/glsa/201704-03
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/
Frequently Asked Questions
What is the severity of CVE-2016-7944?
CVE-2016-7944 has a medium severity rating due to the potential for privilege escalation on 32-bit platforms.
How do I fix CVE-2016-7944?
To fix CVE-2016-7944, update the X.org libXfixes package to version 5.0.3 or higher.
Which versions are affected by CVE-2016-7944?
CVE-2016-7944 affects X.org libXfixes versions prior to 5.0.3, particularly on 32-bit systems.
Is CVE-2016-7944 exploitable remotely?
Yes, CVE-2016-7944 can be exploited by remote X servers to gain elevated privileges.
What platforms are impacted by CVE-2016-7944?
CVE-2016-7944 specifically impacts 32-bit platforms using vulnerable versions of X.org libXfixes.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/x.org
- canonical/suse libxfixes
- version/suse libxfixes/5.0.2
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/24
- version/red hat fedora/25