CVE-2016-7949 - OpenCVE

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
X.org	Libxrender
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:x.org:libxrender:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:24:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93366
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
https://security.gentoo.org/glsa/201704-03

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2016-12-13T20:00:00

Updated: 2021-01-06T16:15:50

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7949

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-13T20:59:15.583

Modified: 2023-11-07T02:35:19.460

Link: CVE-2016-7949

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:50", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "1036945", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036945"}, {"name": "GLSA-201704-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201704-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4"}, {"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"name": "93366", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93366"}, {"name": "FEDORA-2016-8877cf648b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/"}, {"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"name": "FEDORA-2016-ade20198ff", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/"}, {"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-7949", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036945", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036945"}, {"name": "GLSA-201704-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-03"}, {"name": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4"}, {"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"name": "93366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93366"}, {"name": "FEDORA-2016-8877cf648b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/"}, {"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"name": "FEDORA-2016-ade20198ff", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/"}, {"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-7949", "datePublished": "2016-12-13T20:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2021-01-06T16:15:50", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxrender:*:*:*:*:*:*:*:*", "matchCriteriaId": "9824B706-86EE-458E-BF5E-341E5ABFE4F1", "versionEndIncluding": "0.9.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en las funciones (1) XvQueryAdaptors y (2) XvQueryEncodings en X.org libXrender en versiones anteriores a 0.9.10 permite a servidores remotos X desencadenar operaciones de escritura fuera de l\u00edmites a trav\u00e9s de vectores que involucran campos de longitud."}], "id": "CVE-2016-7949", "lastModified": "2023-11-07T02:35:19.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-13T20:59:15.583", "references": [{"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}, {"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/93366"}, {"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1036945"}, {"source": "security@opentext.com", "url": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4"}, {"source": "security@opentext.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/"}, {"source": "security@opentext.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/"}, {"source": "security@opentext.com", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"source": "security@opentext.com", "url": "https://security.gentoo.org/glsa/201704-03"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}