How severe is CVE-2017-1000376?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2017-1000376?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-1000376 - HIGH Severity | CVSS 7

Vulnerability Description

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

Related Vulnerabilities

CVE-2013-4588

HIGH

CVSS:7.0(High)

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADM...

CWE-1192013

CVE-2015-0576

HIGH

CVSS:7.0(High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.

CWE-1192015

CVE-2015-4422

HIGH

CVSS:7.0(High)

The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) vi...

CWE-1192015

CVE-2016-5345

HIGH

CVSS:7.0(High)

Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and ...

CWE-1192016

CVE-2016-5652

HIGH

CVSS:7.0(High)

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code ex...

CWE-1192016

CVE-2017-0103

HIGH

CVSS:7.0(High)

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privil...

CWE-1192017