Filtered by vendor X.org
Subscribe
Total
144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12176 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-12177 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-12187 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-12184 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-12182 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-13720 | 1 X.org | 1 Libxfont | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. | |||||
CVE-2017-10972 | 1 X.org | 1 Xorg-server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | |||||
CVE-2017-10971 | 1 X.org | 1 Xorg-server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | |||||
CVE-2017-13722 | 1 X.org | 1 Libxfont | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | |||||
CVE-2017-13721 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | |||||
CVE-2017-13723 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | |||||
CVE-2016-10164 | 1 X.org | 1 Libxpm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. | |||||
CVE-2016-7948 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | |||||
CVE-2016-7952 | 2 Fedoraproject, X.org | 2 Fedora, Libxtst | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | |||||
CVE-2016-7953 | 2 Fedoraproject, X.org | 2 Fedora, Libxvmc | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | |||||
CVE-2016-7949 | 2 Fedoraproject, X.org | 2 Fedora, Libxrender | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | |||||
CVE-2016-7942 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | |||||
CVE-2016-7947 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | |||||
CVE-2016-7943 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | |||||
CVE-2016-7950 | 2 Fedoraproject, X.org | 2 Fedora, Libxrender | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. |