PT-2017-4221 · X.Org Foundation+2 · Libxfont+3

Johannes Segitz

Published

2017-11-06

Updated

2024-06-15

CVE-2017-16611

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libXfont versions prior to 1.5.4 libXfont2 versions prior to 2.0.3

Description The issue is related to incorrect handling of symbolic links before accessing a file, allowing a local attacker to open files on the system as root. This can trigger mechanisms such as tape rewinds or watchdogs. The exploitation of this issue can lead to a denial of service.

Recommendations For libXfont versions prior to 1.5.4, update to version 1.5.4 or later. For libXfont2 versions prior to 2.0.3, update to version 2.0.3 or later.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2017-2728

ALT-PU-2017-2729

BDU:2022-06035

CVE-2017-16611

DLA-2901-1

MGASA-2017-0442

OPENSUSE-SU-2024:10921-1

OPENSUSE-SU-2024:10922-1

USN-3500-1

Affected Products

Alt Linux

Ubuntu

Libxfont

Libxfont2

PT-2017-4221 · X.Org Foundation+2 · Libxfont+3

CVE-2017-16611

Weakness Enumeration

Related Identifiers

Affected Products

References · 43