Improper input validation in X.org X11
CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.021 (84.6th percentile) — read the EPSS interpretation.
Affected products
- X.org X11 — versions 1.11
- N/a — versions n/a
Weakness classification (CWE)
References
- 53150 (vdb-entry, x_refsource_BID)
- xorg-input-device-format-string(74930) (vdb-entry, x_refsource_XF)
- secalert@redhat.com (Patch, x_refsource_MISC)
- [oss-security] 20120418 Re: CVE request: Xorg input device format string flaw (mailing-list, x_refsource_MLIST)
- [oss-security] 20120418 CVE request: Xorg input device format string flaw (mailing-list, x_refsource_MLIST)