CVE-2017-12180

CRITICAL9.8EPSS 0.50%

Published: 1/24/2018Modified: 11/19/2025

Also known as:ALPINE-CVE-2017-12180DEBIAN-CVE-2017-12180

Description

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Affected packages (2)

Alpine/xorg-serverfrom 0, < 1.19.5-r0
Debian/xorg-serverfrom 0, < 2:1.19.5-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2017-12180
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-12180