CVE-2017-12176

2017-10-1200:00:00

ubuntu.com

0.008 Low

EPSS

Percentile

81.5%

JSON

xorg-x11-server before 1.19.5 was missing extra length validation in
ProcEstablishConnection function allowing malicious X client to cause X
server to crash or possibly execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchxorg-server< 2:1.15.1-0ubuntu2.11UNKNOWN
ubuntu16.04noarchxorg-server< 2:1.18.4-0ubuntu0.7UNKNOWN
ubuntu17.04noarchxorg-server< 2:1.19.3-1ubuntu1.3UNKNOWN
ubuntu16.04noarchxorg-server-hwe-16.04< 2:1.19.3-1ubuntu1~16.04.4UNKNOWN
ubuntu14.04noarchxorg-server-lts-xenial< 2:1.18.3-1ubuntu2.3~trusty4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	xorg-server	< 2:1.15.1-0ubuntu2.11	UNKNOWN
ubuntu	16.04	noarch	xorg-server	< 2:1.18.4-0ubuntu0.7	UNKNOWN
ubuntu	17.04	noarch	xorg-server	< 2:1.19.3-1ubuntu1.3	UNKNOWN
ubuntu	16.04	noarch	xorg-server-hwe-16.04	< 2:1.19.3-1ubuntu1~16.04.4	UNKNOWN
ubuntu	14.04	noarch	xorg-server-lts-xenial	< 2:1.18.3-1ubuntu2.3~trusty4	UNKNOWN