A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.3.1 |
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | x.org | 7.1 |
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | x11 | r6.8.2 |
| x | x11 | r6.9.0 |
| x | x11 | r7.2 |
| x | x11 | * |
| x | x11 | r6.6 |
| x | x11 | r6.7.0 |
| x | x11 | r6 |
| x | x11 | r6.3 |
| x | x11 | r6.8.1 |
| x | x11 | r7.1 |
| x | x11 | r6.8.0 |
| matthias_hopf | xrdb | 1.0.2 |
| matthias_hopf | xrdb | * |
| x | x11 | r6.4 |
| x | x11 | r6.5.1 |
| x | x11 | r6.7 |
| matthias_hopf | xrdb | 1.0.6 |
| x | x11 | r1 |
| x | x11 | r7.4 |
| matthias_hopf | xrdb | 1.0.3 |
| matthias_hopf | xrdb | 1.0.5 |
| x | x11 | r7.0 |
| matthias_hopf | xrdb | 1.0.4 |
| x | x11 | r7.5 |
| matthias_hopf | xrdb | 1.0.7 |
| x | x11 | r4 |
| x | x11 | r5 |
| x | x11 | r2 |
| x | x11 | r7.3 |
| x | x11 | r6.1 |
| x | x11 | r3 |
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openbsd | openbsd | 2.1 |
| openbsd | openbsd | 2.9 |
| openbsd | openbsd | 2.6 |
| x | libxfont | 1.3.1 |
| openbsd | openbsd | 3.0 |
| openbsd | openbsd | 2.5 |
| freetype | freetype | 2.1.9 |
| openbsd | openbsd | 3.6 |
| x | libxfont | 1.2.3 |
| x | libxfont | 1.3.4 |
| freebsd | freebsd | * |
| openbsd | openbsd | 3.4 |
| openbsd | openbsd | 3.5 |
| openbsd | openbsd | 2.4 |
| openbsd | openbsd | 2.8 |
| x | libxfont | 1.2.6 |
| x | libxfont | 1.4.0 |
| x | libxfont | 1.2.5 |
| x | libxfont | 1.2.0 |
| x | libxfont | 1.3.0 |
| x | libxfont | * |
| openbsd | openbsd | 3.1 |
| openbsd | openbsd | * |
| openbsd | openbsd | 3.2 |
| x | libxfont | 1.2.7 |
| x | libxfont | 1.2.1 |
| x | libxfont | 1.4.1 |
| openbsd | openbsd | 2.0 |
| x | libxfont | 1.3.2 |
| x | libxfont | 1.4.2 |
| openbsd | openbsd | 2.3 |
| x | libxfont | 1.2.8 |
| x | libxfont | 1.2.4 |
| netbsd | netbsd | * |
| openbsd | openbsd | 2.7 |
| x | libxfont | 1.3.3 |
| openbsd | openbsd | 2.2 |
| openbsd | openbsd | 3.3 |
| x | libxfont | 1.2.2 |
| x | libxfont | 1.2.9 |
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 11.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 12.04 |
| x | x.org-xserver | 1.4.0 |
| canonical | ubuntu_linux | 11.10 |
| x | x.org-xserver | * |
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 12.04 |
| x | libx11 | * |
| canonical | ubuntu_linux | 13.04 |
| x | libx11 | 1.5.0 |
| canonical | ubuntu_linux | 10.04 |
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxext | * |
| x | libxext | 1.0.99.4 |
| x | libxext | 1.1 |
| x | libxext | 1.1.2 |
| x | libxext | 1.2.0 |
| x | libxext | 1.0.99.3 |
| x | libxext | 1.0.99.2 |
| x | libxext | 1.1.1 |
| x | libxext | 1.3.0 |
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfixes | * |
| x | libxfixes | 4.0.3 |
| x | libxfixes | 4.0.1 |
| x | libxfixes | 4.0.5 |
| x | libxfixes | 4.0.4 |
| x | libxfixes | 4.0 |
| x | libxfixes | 4.0.2 |
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxinerama | 1.1 |
| x | libxinerama | * |
| x | libxinerama | 1.0.3 |
| x | libxinerama | 1.0.99.1 |
| x | libxinerama | 1.0.2 |
| x | libxinerama | 1.1.1 |
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxrandr | 1.2.99.2 |
| x | libxrandr | 1.3.0 |
| x | libxrandr | 1.3.1 |
| x | libxrandr | 1.2.3 |
| x | libxrandr | 1.2.99.1 |
| x | libxrandr | 1.3.2 |
| x | libxrandr | * |
| x | libxrandr | 1.2.99.3 |
| x | libxrandr | 1.2.99.4 |
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.10 |
| x | libxrender | 0.9.3 |
| x | libxrender | 0.9.2 |
| x | libxrender | 0.9.5 |
| x | libxrender | * |
| x | libxrender | 0.9.1 |
| canonical | ubuntu_linux | 13.04 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| x | libxrender | 0.9.4 |
| opensuse | opensuse | 12.3 |
| x | libxrender | 0.9.6 |
| opensuse | opensuse | 12.2 |
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxres | 1.0.1 |
| x | libxres | 1.0.2 |
| x | libxres | * |
| x | libxres | 1.0.5 |
| x | libxres | 1.0.3 |
| x | libxres | 1.0.4 |
Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxv | 1.0.6 |
| x | libxv | 1.0.3 |
| x | libxv | 1.0.4 |
| x | libxv | 1.0.5 |
| x | libxv | 1.0.2 |
| x | libxv | * |
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxvmc | 1.0.5 |
| x | libxvmc | 1.0.3 |
| x | libxvmc | * |
| x | libxvmc | 1.0.4 |
| x | libxvmc | 1.0.6 |
| x | libxvmc | 1.0.2 |
Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxxf86dga | 1.0.2 |
| x | libxxf86dga | * |
| x | libxxf86dga | 1.0.1 |
| x | libxxf86dga | 1.1 |
| x | libxxf86dga | 1.1.2 |
| x | libxxf86dga | 1.0.99.1 |
| x | libxxf86dga | 1.0.99.2 |
| x | libxxf86dga | 1.1.1 |
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libdmx | 1.0.99.1 |
| x | libdmx | 1.1.1 |
| x | libdmx | 1.1.0 |
| x | libdmx | 1.0.2 |
| x | libdmx | * |
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mesa3d | mesa | 9.0.3 |
| x | libglx | - |
| mesa3d | mesa | 9.0.2 |
| mesa3d | mesa | 9.1 |
| mesa3d | mesa | 9.0.1 |
| mesa3d | mesa | * |
| mesa3d | mesa | 9.0 |
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libchromexvmc | - |
| openchrome | openchrome | * |
| x | libchromexvmcpro | - |
X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libfs | 1.0.1 |
| x | libfs | 1.0.2 |
| x | libfs | 1.0.3 |
| x | libfs | * |
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libx11 | * |
| x | libx11 | 1.5.0 |
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxvmc | 1.0.5 |
| x | libxvmc | 1.0.3 |
| x | libxvmc | * |
| x | libxvmc | 1.0.4 |
| x | libxvmc | 1.0.6 |
| x | libxvmc | 1.0.2 |
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxxf86dga | 1.0.2 |
| x | libxxf86dga | * |
| x | libxxf86dga | 1.0.1 |
| x | libxxf86dga | 1.1 |
| x | libxxf86dga | 1.1.2 |
| x | libxxf86dga | 1.0.99.1 |
| x | libxxf86dga | 1.0.99.2 |
| x | libxxf86dga | 1.1.1 |
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxxf86vm | 1.1.1 |
| x | libxxf86vm | 1.0.99.1 |
| x | libxxf86vm | 1.0.1 |
| x | libxxf86vm | 1.0.2 |
| x | libxxf86vm | * |
| x | libxxf86vm | 1.1.0 |
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxt | 1.0.3 |
| x | libxt | 1.0.7 |
| x | libxt | 1.0.5 |
| x | libxt | 1.1.1 |
| x | libxt | 1.0.8 |
| x | libxt | 1.0.4 |
| x | libxt | * |
| x | libxt | 1.1.2 |
| x | libxt | 1.0.9 |
| x | libxt | 1.0.6 |
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxcursor | 1.1.6 |
| x | libxcursor | 1.1.8 |
| x | libxcursor | 1.1.11 |
| x | libxcursor | 1.1.10 |
| x | libxcursor | * |
| x | libxcursor | 1.1.12 |
| x | libxcursor | 1.1.9 |
| x | libxcursor | 1.1.7 |
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libx11 | * |
| x | libx11 | 1.5.0 |
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxt | 1.0.3 |
| x | libxt | 1.0.7 |
| x | libxt | 1.0.5 |
| x | libxt | 1.1.1 |
| x | libxt | 1.0.8 |
| x | libxt | 1.0.4 |
| x | libxt | * |
| x | libxt | 1.1.2 |
| x | libxt | 1.0.9 |
| x | libxt | 1.0.6 |
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxp | 1.0.0 |
| x | libxp | * |
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxtst | 1.1.0 |
| x | libxtst | 1.0.2 |
| x | libxtst | 1.0.3 |
| x | libxtst | 1.0.99.1 |
| x | libxtst | * |
| x | libxtst | 1.0.99.2 |
| x | libxtst | 1.2.0 |
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxcb | 1.1.92 |
| fedoraproject | fedora | 19 |
| canonical | ubuntu_linux | 13.04 |
| oracle | secure_global_desktop | 5.2 |
| x | libxcb | 1.5 |
| opensuse | opensuse | 12.3 |
| x | libxcb | 1.1.93 |
| x | libxcb | 1.4 |
| opensuse | opensuse | 12.2 |
| oracle | secure_global_desktop | 4.71 |
| x | libxcb | 1.7 |
| x | libxcb | 1.1.90.1 |
| canonical | ubuntu_linux | 12.10 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 10.04 |
| x | libxcb | 1.8.1 |
| x | libxcb | 1.3 |
| x | libxcb | 1.6 |
| canonical | ubuntu_linux | 12.04 |
| x | libxcb | 1.8 |
| x | libxcb | 1.2 |
| x | libxcb | 1.1.91 |
| x | libxcb | * |
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxv | 1.0.6 |
| x.org | libxv | 1.0.3 |
| x.org | libxv | 1.0.6 |
| x | libxv | 1.0.4 |
| x | libxv | 1.0.5 |
| x.org | libxv | 1.0.2 |
| x | libxv | * |
| x.org | libxv | 1.0.5 |
| x.org | libxv | 1.0.7 |
| x.org | libxv | 1.0.4 |
| x | libxv | 1.0.3 |
| x | libxv | 1.0.2 |
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | x_display_manager | 1.1.11 |
| x | x_display_manager | 1.1.10 |
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | x.org_x11 | 6.1 |
| x | x.org_x11 | 6.7 |
| x | x.org_x11 | 6.8.2 |
| x | x.org_x11 | 6.9.0 |
| x | x.org_x11 | 7.0 |
| x | x.org_x11 | 6.5.1 |
| x | x.org_x11 | 6.8 |
| x | x.org_x11 | 6.4 |
| x | x.org_x11 | 6.0 |
| x | x.org_x11 | 7.1 |
| x | x.org_x11 | 7.2 |
| x | x.org_x11 | 7.7 |
| x | x.org_x11 | 6.8.1 |
| x | x.org_x11 | 6.3 |
| x | x.org_x11 | 7.3 |
| x | x.org_x11 | 7.4 |
| x | x.org_x11 | 6.6 |
| x | x.org_x11 | 7.5 |
| x | x.org_x11 | 7.6 |
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.4.6 |
| x | libxfont | 1.2.7 |
| x | libxfont | 1.2.1 |
| x | libxfont | 1.3.1 |
| x | libxfont | 1.4.1 |
| x | libxfont | 1.4.3 |
| x | libxfont | 1.4.4 |
| x | libxfont | 1.2.3 |
| x | libxfont | 1.3.4 |
| x | libxfont | 1.4.5 |
| x | libxfont | 1.3.2 |
| x | libxfont | 1.4.2 |
| x | libxfont | 1.2.8 |
| x | libxfont | 1.2.4 |
| x | libxfont | 1.2.6 |
| x | libxfont | 1.1.0 |
| x | libxfont | 1.4.0 |
| x | libxfont | 1.3.3 |
| x | libxfont | 1.2.5 |
| x | libxfont | 1.2.0 |
| x | libxfont | 1.2.2 |
| x | libxfont | 1.2.9 |
| x | libxfont | 1.3.0 |
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.4.6 |
| x | libxfont | 1.3.1 |
| x | libxfont | 1.4.3 |
| x | libxfont | 1.4.4 |
| x | libxfont | 1.2.3 |
| x | libxfont | 1.3.4 |
| canonical | ubuntu_linux | 13.10 |
| x | libxfont | 1.2.6 |
| x | libxfont | 1.4.0 |
| x | libxfont | 1.2.5 |
| x | libxfont | 1.3.0 |
| x | libxfont | * |
| canonical | ubuntu_linux | 12.10 |
| x | libxfont | 1.2.7 |
| x | libxfont | 1.4.1 |
| canonical | ubuntu_linux | 10.04 |
| x | libxfont | 1.4.5 |
| x | libxfont | 1.3.2 |
| x | libxfont | 1.4.2 |
| canonical | ubuntu_linux | 12.04 |
| x | libxfont | 1.2.8 |
| x | libxfont | 1.2.4 |
| x | libxfont | 1.4.99 |
| x | libxfont | 1.3.3 |
| canonical | ubuntu_linux | 14.04 |
| x | libxfont | 1.2.9 |
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.4.6 |
| x | libxfont | 1.3.1 |
| x | libxfont | 1.4.3 |
| x | libxfont | 1.4.4 |
| x | libxfont | 1.2.3 |
| x | libxfont | 1.3.4 |
| canonical | ubuntu_linux | 13.10 |
| x | libxfont | 1.2.6 |
| x | libxfont | 1.4.0 |
| x | libxfont | 1.2.5 |
| x | libxfont | 1.3.0 |
| x | libxfont | * |
| canonical | ubuntu_linux | 12.10 |
| x | libxfont | 1.2.7 |
| x | libxfont | 1.4.1 |
| canonical | ubuntu_linux | 10.04 |
| x | libxfont | 1.4.5 |
| x | libxfont | 1.3.2 |
| x | libxfont | 1.4.2 |
| canonical | ubuntu_linux | 12.04 |
| x | libxfont | 1.2.8 |
| x | libxfont | 1.2.4 |
| x | libxfont | 1.4.99 |
| x | libxfont | 1.3.3 |
| canonical | ubuntu_linux | 14.04 |
| x | libxfont | 1.2.9 |
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.4.6 |
| x | libxfont | 1.3.1 |
| x | libxfont | 1.4.3 |
| x | libxfont | 1.4.4 |
| x | libxfont | 1.2.3 |
| x | libxfont | 1.3.4 |
| canonical | ubuntu_linux | 13.10 |
| x | libxfont | 1.2.6 |
| x | libxfont | 1.4.0 |
| x | libxfont | 1.2.5 |
| x | libxfont | 1.3.0 |
| x | libxfont | * |
| canonical | ubuntu_linux | 12.10 |
| x | libxfont | 1.2.7 |
| x | libxfont | 1.4.1 |
| canonical | ubuntu_linux | 10.04 |
| x | libxfont | 1.4.5 |
| x | libxfont | 1.3.2 |
| x | libxfont | 1.4.2 |
| canonical | ubuntu_linux | 12.04 |
| x | libxfont | 1.2.8 |
| x | libxfont | 1.2.4 |
| x | libxfont | 1.4.99 |
| x | libxfont | 1.3.3 |
| canonical | ubuntu_linux | 14.04 |
| x | libxfont | 1.2.9 |
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | xf86-video-intel | 2.99.911 |
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.5.0 |
| x | libxfont | * |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 7.0 |
| x | libxfont | 1.5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| x | libxfont | * |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxfont | 1.5.0 |
| x | libxfont | * |
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 7.0 |
| x | libxcursor | * |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | ansible_tower | 3.3 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_workstation | 7.0 |
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxtst | * |
| fedoraproject | fedora | 25 |
| fedoraproject | fedora | 24 |
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.04 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x | libxfont | * |
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxcursor | * |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.04 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |