CVE-2017-12180

Published: Jan 24, 2018Modified: Aug 29, 2025

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Affected (3)

Products: Debian: Debian Linux · X.org: X Server

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
X.org X Server	Before 1.19.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-391

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=1509221

Source: secalert@redhat.com

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201711-05

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2017/dsa-4000

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1509221