MidnightBSD

Advisories for x

CVE-2007-5199 HIGH

A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxfont 1.3.1
CVE-2010-1166 HIGH

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x x.org 7.1
CVE-2011-0465 HIGH

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
x x11 r6.8.2
x x11 r6.9.0
x x11 r7.2
x x11 *
x x11 r6.6
x x11 r6.7.0
x x11 r6
x x11 r6.3
x x11 r6.8.1
x x11 r7.1
x x11 r6.8.0
matthias_hopf xrdb 1.0.2
matthias_hopf xrdb *
x x11 r6.4
x x11 r6.5.1
x x11 r6.7
matthias_hopf xrdb 1.0.6
x x11 r1
x x11 r7.4
matthias_hopf xrdb 1.0.3
matthias_hopf xrdb 1.0.5
x x11 r7.0
matthias_hopf xrdb 1.0.4
x x11 r7.5
matthias_hopf xrdb 1.0.7
x x11 r4
x x11 r5
x x11 r2
x x11 r7.3
x x11 r6.1
x x11 r3
CVE-2011-2895 HIGH

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openbsd 2.1
openbsd openbsd 2.9
openbsd openbsd 2.6
x libxfont 1.3.1
openbsd openbsd 3.0
openbsd openbsd 2.5
freetype freetype 2.1.9
openbsd openbsd 3.6
x libxfont 1.2.3
x libxfont 1.3.4
freebsd freebsd *
openbsd openbsd 3.4
openbsd openbsd 3.5
openbsd openbsd 2.4
openbsd openbsd 2.8
x libxfont 1.2.6
x libxfont 1.4.0
x libxfont 1.2.5
x libxfont 1.2.0
x libxfont 1.3.0
x libxfont *
openbsd openbsd 3.1
openbsd openbsd *
openbsd openbsd 3.2
x libxfont 1.2.7
x libxfont 1.2.1
x libxfont 1.4.1
openbsd openbsd 2.0
x libxfont 1.3.2
x libxfont 1.4.2
openbsd openbsd 2.3
x libxfont 1.2.8
x libxfont 1.2.4
netbsd netbsd *
openbsd openbsd 2.7
x libxfont 1.3.3
openbsd openbsd 2.2
openbsd openbsd 3.3
x libxfont 1.2.2
x libxfont 1.2.9
CVE-2013-1940 LOW

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 12.04
x x.org-xserver 1.4.0
canonical ubuntu_linux 11.10
x x.org-xserver *
CVE-2013-1981 MEDIUM

Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
canonical ubuntu_linux 12.04
x libx11 *
canonical ubuntu_linux 13.04
x libx11 1.5.0
canonical ubuntu_linux 10.04
CVE-2013-1982 MEDIUM

Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxext *
x libxext 1.0.99.4
x libxext 1.1
x libxext 1.1.2
x libxext 1.2.0
x libxext 1.0.99.3
x libxext 1.0.99.2
x libxext 1.1.1
x libxext 1.3.0
CVE-2013-1983 MEDIUM

Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxfixes *
x libxfixes 4.0.3
x libxfixes 4.0.1
x libxfixes 4.0.5
x libxfixes 4.0.4
x libxfixes 4.0
x libxfixes 4.0.2
CVE-2013-1985 MEDIUM

Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
x libxinerama 1.1
x libxinerama *
x libxinerama 1.0.3
x libxinerama 1.0.99.1
x libxinerama 1.0.2
x libxinerama 1.1.1
CVE-2013-1986 MEDIUM

Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxrandr 1.2.99.2
x libxrandr 1.3.0
x libxrandr 1.3.1
x libxrandr 1.2.3
x libxrandr 1.2.99.1
x libxrandr 1.3.2
x libxrandr *
x libxrandr 1.2.99.3
x libxrandr 1.2.99.4
CVE-2013-1987 MEDIUM

Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
x libxrender 0.9.3
x libxrender 0.9.2
x libxrender 0.9.5
x libxrender *
x libxrender 0.9.1
canonical ubuntu_linux 13.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
x libxrender 0.9.4
opensuse opensuse 12.3
x libxrender 0.9.6
opensuse opensuse 12.2
CVE-2013-1988 MEDIUM

Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxres 1.0.1
x libxres 1.0.2
x libxres *
x libxres 1.0.5
x libxres 1.0.3
x libxres 1.0.4
CVE-2013-1989 MEDIUM

Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxv 1.0.6
x libxv 1.0.3
x libxv 1.0.4
x libxv 1.0.5
x libxv 1.0.2
x libxv *
CVE-2013-1990 MEDIUM

Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxvmc 1.0.5
x libxvmc 1.0.3
x libxvmc *
x libxvmc 1.0.4
x libxvmc 1.0.6
x libxvmc 1.0.2
CVE-2013-1991 MEDIUM

Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxxf86dga 1.0.2
x libxxf86dga *
x libxxf86dga 1.0.1
x libxxf86dga 1.1
x libxxf86dga 1.1.2
x libxxf86dga 1.0.99.1
x libxxf86dga 1.0.99.2
x libxxf86dga 1.1.1
CVE-2013-1992 MEDIUM

Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libdmx 1.0.99.1
x libdmx 1.1.1
x libdmx 1.1.0
x libdmx 1.0.2
x libdmx *
CVE-2013-1993 MEDIUM

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
mesa3d mesa 9.0.3
x libglx -
mesa3d mesa 9.0.2
mesa3d mesa 9.1
mesa3d mesa 9.0.1
mesa3d mesa *
mesa3d mesa 9.0
CVE-2013-1994 MEDIUM

Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libchromexvmc -
openchrome openchrome *
x libchromexvmcpro -
CVE-2013-1996 MEDIUM

X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libfs 1.0.1
x libfs 1.0.2
x libfs 1.0.3
x libfs *
CVE-2013-1997 MEDIUM

Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libx11 *
x libx11 1.5.0
CVE-2013-1999 MEDIUM

Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxvmc 1.0.5
x libxvmc 1.0.3
x libxvmc *
x libxvmc 1.0.4
x libxvmc 1.0.6
x libxvmc 1.0.2
CVE-2013-2000 MEDIUM

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxxf86dga 1.0.2
x libxxf86dga *
x libxxf86dga 1.0.1
x libxxf86dga 1.1
x libxxf86dga 1.1.2
x libxxf86dga 1.0.99.1
x libxxf86dga 1.0.99.2
x libxxf86dga 1.1.1
CVE-2013-2001 MEDIUM

Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxxf86vm 1.1.1
x libxxf86vm 1.0.99.1
x libxxf86vm 1.0.1
x libxxf86vm 1.0.2
x libxxf86vm *
x libxxf86vm 1.1.0
CVE-2013-2002 MEDIUM

Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxt 1.0.3
x libxt 1.0.7
x libxt 1.0.5
x libxt 1.1.1
x libxt 1.0.8
x libxt 1.0.4
x libxt *
x libxt 1.1.2
x libxt 1.0.9
x libxt 1.0.6
CVE-2013-2003 MEDIUM

Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxcursor 1.1.6
x libxcursor 1.1.8
x libxcursor 1.1.11
x libxcursor 1.1.10
x libxcursor *
x libxcursor 1.1.12
x libxcursor 1.1.9
x libxcursor 1.1.7
CVE-2013-2004 MEDIUM

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libx11 *
x libx11 1.5.0
CVE-2013-2005 MEDIUM

X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxt 1.0.3
x libxt 1.0.7
x libxt 1.0.5
x libxt 1.1.1
x libxt 1.0.8
x libxt 1.0.4
x libxt *
x libxt 1.1.2
x libxt 1.0.9
x libxt 1.0.6
CVE-2013-2062 MEDIUM

Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxp 1.0.0
x libxp *
CVE-2013-2063 MEDIUM

Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxtst 1.1.0
x libxtst 1.0.2
x libxtst 1.0.3
x libxtst 1.0.99.1
x libxtst *
x libxtst 1.0.99.2
x libxtst 1.2.0
CVE-2013-2064 MEDIUM

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxcb 1.1.92
fedoraproject fedora 19
canonical ubuntu_linux 13.04
oracle secure_global_desktop 5.2
x libxcb 1.5
opensuse opensuse 12.3
x libxcb 1.1.93
x libxcb 1.4
opensuse opensuse 12.2
oracle secure_global_desktop 4.71
x libxcb 1.7
x libxcb 1.1.90.1
canonical ubuntu_linux 12.10
debian debian_linux 6.0
debian debian_linux 7.0
canonical ubuntu_linux 10.04
x libxcb 1.8.1
x libxcb 1.3
x libxcb 1.6
canonical ubuntu_linux 12.04
x libxcb 1.8
x libxcb 1.2
x libxcb 1.1.91
x libxcb *
CVE-2013-2066 MEDIUM

Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxv 1.0.6
x.org libxv 1.0.3
x.org libxv 1.0.6
x libxv 1.0.4
x libxv 1.0.5
x.org libxv 1.0.2
x libxv *
x.org libxv 1.0.5
x.org libxv 1.0.7
x.org libxv 1.0.4
x libxv 1.0.3
x libxv 1.0.2
CVE-2013-2179 MEDIUM

X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
x x_display_manager 1.1.11
x x_display_manager 1.1.10
CVE-2013-4396 MEDIUM

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
x x.org_x11 6.1
x x.org_x11 6.7
x x.org_x11 6.8.2
x x.org_x11 6.9.0
x x.org_x11 7.0
x x.org_x11 6.5.1
x x.org_x11 6.8
x x.org_x11 6.4
x x.org_x11 6.0
x x.org_x11 7.1
x x.org_x11 7.2
x x.org_x11 7.7
x x.org_x11 6.8.1
x x.org_x11 6.3
x x.org_x11 7.3
x x.org_x11 7.4
x x.org_x11 6.6
x x.org_x11 7.5
x x.org_x11 7.6
CVE-2013-6462 HIGH

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxfont 1.4.6
x libxfont 1.2.7
x libxfont 1.2.1
x libxfont 1.3.1
x libxfont 1.4.1
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.2.3
x libxfont 1.3.4
x libxfont 1.4.5
x libxfont 1.3.2
x libxfont 1.4.2
x libxfont 1.2.8
x libxfont 1.2.4
x libxfont 1.2.6
x libxfont 1.1.0
x libxfont 1.4.0
x libxfont 1.3.3
x libxfont 1.2.5
x libxfont 1.2.0
x libxfont 1.2.2
x libxfont 1.2.9
x libxfont 1.3.0
CVE-2014-0209 MEDIUM

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxfont 1.4.6
x libxfont 1.3.1
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.2.3
x libxfont 1.3.4
canonical ubuntu_linux 13.10
x libxfont 1.2.6
x libxfont 1.4.0
x libxfont 1.2.5
x libxfont 1.3.0
x libxfont *
canonical ubuntu_linux 12.10
x libxfont 1.2.7
x libxfont 1.4.1
canonical ubuntu_linux 10.04
x libxfont 1.4.5
x libxfont 1.3.2
x libxfont 1.4.2
canonical ubuntu_linux 12.04
x libxfont 1.2.8
x libxfont 1.2.4
x libxfont 1.4.99
x libxfont 1.3.3
canonical ubuntu_linux 14.04
x libxfont 1.2.9
CVE-2014-0210 HIGH

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxfont 1.4.6
x libxfont 1.3.1
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.2.3
x libxfont 1.3.4
canonical ubuntu_linux 13.10
x libxfont 1.2.6
x libxfont 1.4.0
x libxfont 1.2.5
x libxfont 1.3.0
x libxfont *
canonical ubuntu_linux 12.10
x libxfont 1.2.7
x libxfont 1.4.1
canonical ubuntu_linux 10.04
x libxfont 1.4.5
x libxfont 1.3.2
x libxfont 1.4.2
canonical ubuntu_linux 12.04
x libxfont 1.2.8
x libxfont 1.2.4
x libxfont 1.4.99
x libxfont 1.3.3
canonical ubuntu_linux 14.04
x libxfont 1.2.9
CVE-2014-0211 HIGH

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxfont 1.4.6
x libxfont 1.3.1
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.2.3
x libxfont 1.3.4
canonical ubuntu_linux 13.10
x libxfont 1.2.6
x libxfont 1.4.0
x libxfont 1.2.5
x libxfont 1.3.0
x libxfont *
canonical ubuntu_linux 12.10
x libxfont 1.2.7
x libxfont 1.4.1
canonical ubuntu_linux 10.04
x libxfont 1.4.5
x libxfont 1.3.2
x libxfont 1.4.2
canonical ubuntu_linux 12.04
x libxfont 1.2.8
x libxfont 1.2.4
x libxfont 1.4.99
x libxfont 1.3.3
canonical ubuntu_linux 14.04
x libxfont 1.2.9
CVE-2014-4910 MEDIUM

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
x xf86-video-intel 2.99.911
CVE-2015-1802 HIGH

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxfont 1.5.0
x libxfont *
CVE-2015-1803 HIGH

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
debian debian_linux 7.0
x libxfont 1.5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
x libxfont *
CVE-2015-1804 HIGH

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x libxfont 1.5.0
x libxfont *
CVE-2015-9262 HIGH

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
x libxcursor *
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 14.04
redhat ansible_tower 3.3
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
CVE-2016-7951 HIGH

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
x libxtst *
fedoraproject fedora 25
fedoraproject fedora 24
CVE-2017-16611 MEDIUM

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.04
canonical ubuntu_linux 14.04
debian debian_linux 8.0
debian debian_linux 9.0
x libxfont *
CVE-2017-16612 MEDIUM

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
x libxcursor *
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.04
canonical ubuntu_linux 14.04
debian debian_linux 8.0
debian debian_linux 9.0