Low severity2.4NVD Advisory· Published Apr 3, 2017· Updated May 13, 2026

CVE-2017-7407

Description

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Affected products

Haxx/Curl
cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*

Patches

1890d5990541

https://github.com/curl/curlvia nvd-ref

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13nvdPatchVendor Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
access.redhat.com/errata/RHSA-2018:3558nvd
security.gentoo.org/glsa/201709-14nvd

News mentions

No linked articles in our index yet.

cvss	0.156
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000