Vulnerability CVE-2017-16611: Information

Description

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Severity: MEDIUM (5.5)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9)

Vector: CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-16611

Published: Dec. 1, 2017

Modified: April 20, 2025

Error type identifier: CWE-59

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libXfont	sisyphus	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont	p11	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont	p10	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont	p9	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont	c10f2	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont	c9f2	1.5.4-alt1.S1	1.5.4-alt2	ALT-PU-2017-2728-1	195757	Fixed
libXfont2	sisyphus	2.0.3-alt1.S1	2.0.6-alt1	ALT-PU-2017-2729-1	195758	Fixed
libXfont2	p11	2.0.3-alt1.S1	2.0.6-alt1	ALT-PU-2017-2729-1	195758	Fixed
libXfont2	p10	2.0.3-alt1.S1	2.0.4-alt1	ALT-PU-2017-2729-1	195758	Fixed
libXfont2	p9	2.0.3-alt1.S1	2.0.3-alt2	ALT-PU-2017-2729-1	195758	Fixed
libXfont2	c10f2	2.0.3-alt1.S1	2.0.4-alt1	ALT-PU-2017-2729-1	195758	Fixed
libXfont2	c9f2	2.0.3-alt1.S1	2.0.3-alt2	ALT-PU-2017-2729-1	195758	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://security.cucumberlinux.com/security/details.php?id=155	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/28/7	Mailing List Patch Third Party Advisory
http://www.ubuntu.com/usn/USN-3500-1	Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1050459	Issue Tracking Tool Signature VDB Entry
https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html	Issue Tracking Mailing List Third Party Advisory
https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2	Patch Third Party Advisory
https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2	Patch Third Party Advisory
https://security.gentoo.org/glsa/201801-10	Third Party Advisory
BDU:2022-06035

Affected configurations:
1. cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*
  Start including
  1.0.0
  End excluding
  1.5.4
  cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*
  Start including
  2.0.0
  End excluding
  2.0.3

Version: v26.2.2