CVE-2012-1699
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
La función ProcSetEventMask en DEFI/events.c en el servidor de fuentes xfs para X.Org X11R6.6 y X11R6 hasta XFree86 antes de 3.3.3 llama a la función SendErrToClient con un valor de máscara en lugar de un puntero, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída) u obtener información sensible de la memoria a través de una solicitud SetEventMask que dispara una desreferencia de puntero no válido.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-03-16 CVE Reserved
- 2012-12-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://invisible-island.net/ansification/ansify-xfs-cve.html | X_refsource_misc | |
| http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html | Mailing List | |
| http://twitter.com/bsdaemon/status/228958599790071809 | X_refsource_misc | |
| https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of | X_refsource_confirm | |
| https://bugzilla.redhat.com/show_bug.cgi?id=842841 | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=135765511704334&w=2 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.0 Search vendor "X" for product "X.org X11" and version "6.0" | - |
Affected
| ||||||
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.1 Search vendor "X" for product "X.org X11" and version "6.1" | - |
Affected
| ||||||
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.3 Search vendor "X" for product "X.org X11" and version "6.3" | - |
Affected
| ||||||
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.4 Search vendor "X" for product "X.org X11" and version "6.4" | - |
Affected
| ||||||
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.5.1 Search vendor "X" for product "X.org X11" and version "6.5.1" | - |
Affected
| ||||||
| X Search vendor "X" | X.org X11 Search vendor "X" for product "X.org X11" | 6.6 Search vendor "X" for product "X.org X11" and version "6.6" | - |
Affected
| ||||||
| Xfree86 Search vendor "Xfree86" | Xfree86 Search vendor "Xfree86" for product "Xfree86" | <= 3.3.2 Search vendor "Xfree86" for product "Xfree86" and version " <= 3.3.2" | - |
Affected
| ||||||