Medium severity5.5NVD Advisory· Published Dec 1, 2017· Updated Jun 17, 2026
CVE-2017-16611
CVE-2017-16611
Description
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/libXfont2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libXfont&distro=openSUSE%20Tumbleweed
< 2.0.5-1.2+ 1 more
- (no CPE)range: < 2.0.5-1.2
- (no CPE)range: < 1.5.4-2.18
Patches
Vulnerability mechanics
References
8- www.openwall.com/lists/oss-security/2017/11/28/7nvdMailing ListPatchThird Party Advisory
- marc.infonvdPatchThird Party Advisory
- marc.infonvdPatchThird Party Advisory
- security.cucumberlinux.com/security/details.phpnvdThird Party Advisory
- www.ubuntu.com/usn/USN-3500-1nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/01/msg00028.htmlnvdIssue TrackingMailing ListThird Party Advisory
- security.gentoo.org/glsa/201801-10nvdThird Party Advisory
- bugzilla.suse.com/show_bug.cginvdIssue TrackingTool SignatureVDB Entry
News mentions
0No linked articles in our index yet.