CVE-2017-16611

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16611

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16611.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16611

Related

Published

2017-12-01T17:29:00Z

Modified

2024-09-18T01:17:47.121993Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

References

Affected packages

Alpine:v3.10 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.10 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Alpine:v3.11 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.11 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Alpine:v3.12 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.12 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Alpine:v3.13 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.14 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.15 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.16 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.17 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.7 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.7 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Alpine:v3.8 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.8 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Alpine:v3.9 / libxfont

Package

Name: libxfont
Purl: pkg:apk/alpine/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-r0

Affected versions

1.*

1.3.4-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.5.0-r0

1.5.1-r0

1.5.2-r0

1.5.2-r1

1.5.3-r0

Alpine:v3.9 / libxfont2

Package

Name: libxfont2
Purl: pkg:apk/alpine/libxfont2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-r0

Affected versions

2.*

2.0.1-r0

2.0.1-r1

2.0.2-r0

Debian:11 / libxfont

Package

Name: libxfont
Purl: pkg:deb/debian/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.0.3-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libxfont

Package

Name: libxfont
Purl: pkg:deb/debian/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.0.3-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libxfont

Package

Name: libxfont
Purl: pkg:deb/debian/libxfont?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.0.3-1

Ecosystem specific

{
    "urgency": "low"
}

Git / gitlab.freedesktop.org/xorg/lib/libXfont

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/xorg/lib/libXfont
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7d246751628bb877e04da762ec1a2e41ffa62154

Affected versions

Other

MODULAR_COPY

PRE_xf86-4_3_0_1

XACE-SELINUX-MERGE

XORG-6_7_99_1

XORG-6_7_99_2

XORG-6_7_99_901

XORG-6_7_99_902

XORG-6_7_99_903

XORG-6_7_99_904

XORG-6_8_0

XORG-6_8_1

XORG-6_8_1_901

XORG-6_8_1_902

XORG-6_8_99_1

XORG-6_8_99_10

XORG-6_8_99_11

XORG-6_8_99_12

XORG-6_8_99_13

XORG-6_8_99_14

XORG-6_8_99_15

XORG-6_8_99_16

XORG-6_8_99_2

XORG-6_8_99_3

XORG-6_8_99_4

XORG-6_8_99_5

XORG-6_8_99_6

XORG-6_8_99_7

XORG-6_8_99_8

XORG-6_8_99_9

XORG-6_8_99_900

XORG-6_8_99_901

XORG-6_8_99_902

XORG-6_8_99_903

XORG-6_99_99_900

XORG-6_99_99_901

XORG-6_99_99_902

XORG-6_99_99_903

XORG-6_99_99_904

XORG-7_0

XORG-7_0_99_901

XORG-7_1

XORG-MAIN

lg3d-base

lg3d-rel-0-7-0

libxfont-1_1_0

rel-0-6-1

sco_port_update-base

xf86-012804-2330

xf86-4_3_0_1

xf86-4_3_99_16

xf86-4_3_99_901

xf86-4_3_99_902

xf86-4_3_99_903

xf86-4_3_99_903_special

xf86-4_4_0

xf86-4_4_99_1

libXfont-1.*

libXfont-1.2.0

libXfont-1.2.3

libXfont-1.2.4

libXfont-1.2.5

libXfont-1.2.6

libXfont-1.2.7

libXfont-1.2.8

libXfont-1.2.9

libXfont-1.3.0

libXfont-1.3.1

libXfont-1.3.2

libXfont-1.3.3

libXfont-1.3.4

libXfont-1.4.0

libXfont-1.4.1

libXfont-1.4.2

libXfont-1.4.3

libXfont-1.4.4

libXfont-1.4.5

libXfont-1.4.6

libXfont-1.4.7

libXfont-1.4.99.901

libXfont-1.5.0

libXfont-1.5.1

libXfont-1.5.2

libXfont-1.5.3