VDB

ALPINE-CVE-2017-12176

ALPINE-CVE-2017-12176 PUBLISHED CVSS 9.800000190734863 CRITICAL

xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Risk Scores

CVSS v3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.11xorg-server1.15.1-r0, 1.15.2-r0, 1.13.2-r2
Alpine:v3.8xorg-server1.7.3.901-r0, 0, 1.10.0-r0
Alpine:v3.9xorg-server0, 1.6.0-r4, 1.10.0.901-r0
Alpine:v3.10xorg-server1.6.0-r4, 0, 1.10.0-r0
Alpine:v3.12xorg-server1.15.0-r1, 1.15.2-r0, 1.16.0-r0
Alpine:v3.7xorg-server1.9.3-r0, 0, 1.10.0-r0
Alpine:v3.6xorg-server0, 1.10.0-r0, 1.10.0.901-r0

Timeline

  • Jan 24, 2018 CVE Published
  • Nov 19, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›