CVE-2016-7944


General

Score: 7.5/10.0
Severity: High
Category: Numeric Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2016-5407, CVE-2016-7942, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953

Published on 13/12/16 - Updated on 01/07/17

Description

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

Category: Numeric Error

CWE-190 (Integer Overflow or Wraparound)
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Security Notices

US National Vulnerability Database: CVE-2016-7944
Debian LTS: DLA-654-1
SUSE: SUSE-SU-2016:2505, SUSE-SU-2016:2828, SUSE-SU-2016:3172

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor         Product
fedoraproject  fedora
x.org          libxfixes
