MidnightBSD

Advisories for x.org

CVE-1999-0526 HIGH

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11 7.1_1.1.0
CVE-1999-0965 MEDIUM

Race condition in xterm allows local users to modify arbitrary files via the logging option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11 5.0
x.org x11 *
x.org xterm *
CVE-2004-0419 HIGH

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r6 6.7.0
xfree86_project xdm cvs
gentoo linux 1.4
CVE-2004-0687 HIGH

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r6 6.7.0
xfree86_project x11r6 4.2.1
suse suse_linux 9.0
suse suse_linux 8.1
suse suse_linux 9.1
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.0
openbsd openbsd 3.4
suse suse_linux 8.2
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.0
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.6
openbsd openbsd 3.5
xfree86_project x11r6 4.0.3
x.org x11r6 6.8
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.3.0
suse suse_linux 8
CVE-2004-0688 HIGH

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r6 6.7.0
xfree86_project x11r6 4.2.1
suse suse_linux 9.0
suse suse_linux 8.1
suse suse_linux 9.1
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.0
openbsd openbsd 3.4
suse suse_linux 8.2
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.0
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.6
openbsd openbsd 3.5
xfree86_project x11r6 4.0.3
x.org x11r6 6.8
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.3.0
suse suse_linux 8
CVE-2004-0914 HIGH

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.0
lesstif lesstif 0.93.36
xfree86_project x11r6 3.3
xfree86_project x11r6 4.1.11
lesstif lesstif 0.93.91
xfree86_project x11r6 3.3.3
suse suse_linux 8.2
xfree86_project x11r6 4.0
redhat fedora_core core_3.0
lesstif lesstif 0.93.40
xfree86_project x11r6 3.3.4
lesstif lesstif 0.93.94
suse suse_linux 1.0
suse suse_linux 9.2
lesstif lesstif 0.93
xfree86_project x11r6 4.0.1
x.org x11r6 6.8.1
xfree86_project x11r6 4.3.0
suse suse_linux 8
lesstif lesstif 0.93.34
x.org x11r6 6.7.0
xfree86_project x11r6 4.2.1
suse suse_linux 8.1
suse suse_linux 9.1
lesstif lesstif 0.93.12
xfree86_project x11r6 4.1.0
lesstif lesstif 0.93.18
xfree86_project x11r6 4.1.12
redhat fedora_core core_2.0
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.2
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3.5
xfree86_project x11r6 4.0.3
lesstif lesstif 0.93.96
x.org x11r6 6.8
xfree86_project x11r6 4.0.2.11
gentoo linux *
CVE-2005-0605 HIGH

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 7.1
suse suse_linux 9.0
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.3
suse suse_linux 8.2
suse suse_linux 8.0
xfree86_project x11r6 4.3.0.2
xfree86_project x11r6 4.0
suse suse_linux 7.3
redhat enterprise_linux 3.0
redhat fedora_core core_3.0
xfree86_project x11r6 3.3.4
lesstif lesstif 0.93.94
redhat enterprise_linux_desktop 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.3.0
x.org x11r6 6.7.0
redhat enterprise_linux 4.0
xfree86_project x11r6 4.2.1
suse suse_linux 6.4
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.12
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3.5
xfree86_project x11r6 4.0.3
suse suse_linux 6.1
redhat enterprise_linux_desktop 3.0
xfree86_project x11r6 4.3.0.1
xfree86_project x11r6 4.1.11
mandrakesoft mandrake_linux 10.1
suse suse_linux 6.3
suse suse_linux 7.2
mandrakesoft mandrake_linux_corporate_server 3.0
suse suse_linux 9.2
x.org x11r6 6.8.1
altlinux alt_linux 2.3
sgi propack 3.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 8.1
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.0
redhat fedora_core core_2.0
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.2
mandrakesoft mandrake_linux 10.2
suse suse_linux 6.2
x.org x11r6 6.8
xfree86_project x11r6 4.0.2.11
suse suse_linux 7.0
CVE-2006-0197 MEDIUM

The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x.org *
CVE-2006-0745 HIGH

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r7 1.0.1
x.org x11r7 1.0
mandrakesoft mandrake_linux 2006
redhat fedora_core core_5.0
sun solaris 10.0
x.org x11r6 6.9
suse suse_linux 10.0
CVE-2006-1526 LOW

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r6 6.7.0
x.org x11r6 6.8
x.org x11r6 6.9
x.org x11r6 6.8.1
CVE-2006-5397 LOW

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org libx11 1.0.3
x.org libx11 1.0.2
CVE-2007-1667 HIGH

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
debian debian_linux 3.1
canonical ubuntu_linux 7.04
canonical ubuntu_linux 6.06
debian debian_linux 4.0
x.org libx11 *
canonical ubuntu_linux 6.10
CVE-2007-4568 MEDIUM

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-189,

Products Affected

Vendor Product Version
x.org x_font_server 1.0.2
x.org x_font_server 1.0.4
x.org x_font_server 1.0.1
CVE-2011-4028 LOW

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
x.org x_server 1.11.0
x.org x_server *
CVE-2011-4029 LOW

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
x.org x_server 1.11.0
x.org x_server *
CVE-2012-2118 HIGH

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
x.org x11 1.11
CVE-2013-1984 MEDIUM

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x.org libxi 1.6.99.1
x.org libxi 1.7
x.org libxi 1.5.0
x.org libxi 1.6.2
x.org libxi 1.5.99.2
x.org libxi 1.6.0
x.org libxi 1.6.1
x.org libxi *
x.org libxi 1.5.99.3
CVE-2013-1995 MEDIUM

X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org libxi 1.6.99.1
x.org libxi 1.7
x.org libxi 1.5.0
x.org libxi 1.6.2
x.org libxi 1.5.99.2
x.org libxi 1.6.0
x.org libxi 1.6.1
x.org libxi *
x.org libxi 1.5.99.3
CVE-2013-1998 MEDIUM

Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org libxi 1.6.99.1
x.org libxi 1.7
x.org libxi 1.5.0
x.org libxi 1.6.2
x.org libxi 1.5.99.2
x.org libxi 1.6.0
x.org libxi 1.6.1
x.org libxi *
x.org libxi 1.5.99.3
CVE-2013-2066 MEDIUM

Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x libxv 1.0.5
x.org libxv 1.0.5
x libxv 1.0.2
x libxv 1.0.3
x.org libxv 1.0.2
x libxv *
x.org libxv 1.0.7
x libxv 1.0.4
x.org libxv 1.0.4
x.org libxv 1.0.6
x libxv 1.0.6
x.org libxv 1.0.3
CVE-2013-7439 HIGH

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
x.org libx11 1.5.0
x.org libx11 1.4.99.902
x.org x11 6.1
x.org libx11 1.4.3
x.org libx11 1.0.2
x.org libx11 1.1.99.1
x.org libx11 1.3.1
x.org libx11 1.3.4
x.org libx11 1.3.99.903
x.org x11 6.4
x.org libx11 1.1.4
x.org libx11 1.3.6
canonical ubuntu_linux 14.04
x.org libx11 1.2
x.org libx11 1.2.1
x.org libx11 1.1.5
x.org libx11 1.5.99.902
x.org x11 6.0
x.org x11 6.8.1
x.org libx11 1.0.1
x.org libx11 1.4.0
x.org libx11 1.3.5
x.org libx11 1.1
x.org libx11 1.3.99.902
x.org x11 6.8.2
x.org libx11 1.3.2
x.org x11 6.6
x.org libx11 1.4.1
canonical ubuntu_linux 14.10
x.org libx11 1.3
x.org libx11 1.4.99.901
x.org x11 6.3
x.org libx11 1.3.99.901
x.org libx11 1.3.3
x.org x11 6.8.0
x.org x11 6.7
x.org libx11 1.1.99.2
x.org libx11 1.4.2
x.org libx11 1.0.3
x.org x11 6.5.1
x.org libx11 1.4.4
x.org libx11 1.2.2
x.org libx11 1.5.99.901
x.org x11 6.9
x.org libx11 1.1.6
canonical ubuntu_linux 12.04
debian debian_linux 7.0
CVE-2014-8091 MEDIUM

X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11 5.0
x.org xorg-server *
x.org x_server *
CVE-2014-8092 MEDIUM

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org xorg-server *
x.org x_server *
x.org x11 1.0
CVE-2014-8093 MEDIUM

Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11 6.7
x.org xfree86 4.0
x.org xorg-server *
x.org x_server *
CVE-2014-8094 MEDIUM

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
x.org x_server 1.10.1
x.org xorg-server 1.15.99.902
x.org xorg-server 1.9.3.902
x.org xorg-server 1.7.4.901
x.org xorg-server 1.12.1.902
x.org xorg-server 1.7.99.2
x.org x_server 1.14.2
x.org xorg-server 1.15.1
x.org x_server 1.8.2.902
x.org xorg-server 1.7.3.902
x.org x_server 1.10.2.902
x.org x_server 1.13.2.901
x.org xorg-server 1.10.0.902
x.org xorg-server 1.15.99.903
x.org x_server 1.13.0.901
x.org x_server 1.14.99.902
x.org x_server 1.10.2.901
x.org x_server 1.11.2.902
x.org xorg-server 1.15.0
x.org x_server 1.7.99.901
x.org x_server 1.12.4
x.org xorg-server 1.14.2
x.org x_server 1.7.7
x.org xorg-server 1.7.99.1
x.org x_server 1.12.2
x.org xorg-server 1.14.99.901
x.org x_server 1.15.1
x.org xorg-server 1.16.2.901
x.org xorg-server 1.8.99.901
x.org x_server 1.9.0.902
x.org x_server 1.14.99.905
x.org xorg-server 1.9.1
x.org x_server 1.9.99.901
x.org xorg-server 1.13.1.901
x.org xorg-server 1.11.99.902
x.org xorg-server 1.14.2.901
x.org x_server 1.7.2.902
x.org xorg-server 1.8.2.902
x.org x_server 1.11.2
x.org x_server 1.11.4
x.org xorg-server 1.16.2.99.901
x.org x_server 1.9.3.901
x.org x_server 1.11.99.2
x.org x_server 1.9.3.902
x.org x_server 1.16.1.901
x.org xorg-server 1.9.3.901
x.org x_server 1.8.0
x.org x_server 1.10.6
x.org x_server 1.13.99.901
x.org x_server 1.14.2.901
x.org x_server 1.11.1.901
x.org x_server 1.13.2.902
x.org xorg-server 1.7.2.902
x.org xorg-server 1.12.2.901
x.org xorg-server 1.12.2.902
x.org x_server 1.7.0
x.org x_server 1.7.1.902
x.org xorg-server 1.11.3
x.org xorg-server 1.14.4
x.org xorg-server 1.8.1.902
x.org xorg-server 1.9.0
x.org xorg-server 1.14.99.904
x.org xorg-server 1.14.7
x.org xorg-server 1.7.1.901
x.org xorg-server 1.14.5
x.org xorg-server 1.14.99.3
x.org x_server 1.11.1.902
x.org x_server 1.11.2.901
x.org x_server 1.11.99.902
x.org x_server 1.7.3.901
x.org xorg-server 1.14.2.902
x.org x_server 1.11.1
x.org x_server 1.16.0
x.org xorg-server 1.10.1
x.org xorg-server 1.15.99.904
x.org xorg-server 1.7.6.902
x.org xorg-server 1.9.4.901
x.org xorg-server 1.10.2.902
x.org x_server 1.8.99.903
x.org xorg-server 1.8.1
x.org xorg-server 1.7.2.901
x.org x_server 1.14.1.901
x.org xorg-server 1.10.1.902
x.org x_server 1.16.2
x.org x_server 1.7.5.902
x.org xorg-server 1.7.2
oracle solaris 10
x.org xorg-server 1.13.0.901
x.org xorg-server 1.7.99.901
x.org x_server 1.9.99.902
x.org x_server 1.11.99.901
x.org xorg-server 1.8.2
x.org x_server 1.10.4
x.org x_server 1.14.2.902
x.org x_server 1.9.4.901
x.org x_server 1.13.1.901
x.org x_server 1.9.1
x.org x_server 1.9.3
x.org xorg-server 1.7.4
x.org xorg-server 1.16.1.901
x.org x_server 1.12.99.901
x.org xorg-server 1.9.99.903
x.org xorg-server 1.11.2.901
x.org xorg-server 1.9.5
x.org xorg-server 1.14.1.902
x.org xorg-server 1.12.99.905
x.org x_server 1.8.2
x.org x_server 1.11.0
x.org xorg-server 1.11.1.901
x.org xorg-server 1.14.5.901
x.org x_server 1.7.4
x.org x_server 1.7.3
x.org x_server 1.14.99.901
x.org x_server 1.11.99.1
x.org x_server 1.12.3
x.org x_server 1.12.99.902
x.org xorg-server 1.13.1
x.org x_server 1.16.2.901
x.org x_server 1.9.0
x.org x_server 1.13.0
x.org x_server 1.9.0.901
x.org x_server 1.10.2
x.org x_server 1.8.1.901
x.org xorg-server 1.10.3
x.org xorg-server 1.14.99.2
x.org xorg-server 1.11.0
x.org x_server 1.10.0.902
x.org xorg-server 1.11.3.902
x.org x_server 1.13.1
x.org xorg-server 1.12.0.902
x.org xorg-server 1.12.99.901
x.org x_server 1.13.2
x.org x_server 1.14.99.903
x.org xorg-server 1.7.5.901
x.org x_server 1.7.3.902
x.org xorg-server 1.14.4.901
x.org x_server 1.8.99.901
x.org x_server 1.9.2.901
x.org x_server 1.14.99.3
x.org xorg-server 1.9.0.902
x.org xorg-server 1.10.99.902
x.org xorg-server 1.7.7
x.org x_server 1.7.0.902
x.org x_server 1.14.5.901
x.org x_server 1.14.6
x.org x_server 1.15.99.901
x.org xorg-server 1.8.0.902
x.org x_server 1.14.99.1
x.org xorg-server 1.9.4
x.org xorg-server 1.12.99.904
x.org xorg-server 1.7.5.902
x.org x_server 1.15.99.902
x.org xorg-server 1.14.99.1
x.org x_server 1.10.99.902
x.org x_server 1.9.5
x.org x_server 1.15.99.904
x.org xorg-server 1.10.2.901
oracle solaris 11.2
x.org x_server 1.7.99.902
x.org xorg-server 1.7.1.902
x.org xorg-server 1.16.1
x.org xorg-server 1.12.2
x.org xorg-server 1.8.1.901
x.org xorg-server 1.16.0.901
x.org xorg-server 1.12.3.901
x.org x_server 1.12.2.901
x.org xorg-server 1.9.2.901
x.org xorg-server 1.8.99.904
x.org x_server 1.14.7
x.org xorg-server 1.8.99.902
x.org x_server 1.15.0
x.org xorg-server 1.7.6.901
x.org xorg-server 1.14.99.905
x.org xorg-server 1.7.6
x.org xorg-server 1.8.2.901
x.org x_server 1.7.6.902
x.org x_server 1.7.99.1
x.org xorg-server 1.11.1.902
x.org xorg-server 1.14.1.901
x.org x_server 1.8.2.901
x.org xorg-server 1.11.2
x.org x_server 1.12.99.903
x.org x_server 1.8.0.901
x.org xorg-server 1.13.2
x.org xorg-server 1.11.2.902
x.org x_server 1.15.99.903
x.org x_server 1.16.2.99.901
x.org xorg-server 1.15.0.901
x.org xorg-server 1.11.4
x.org xorg-server 1.11.99.2
x.org xorg-server 1.12.3.902
x.org x_server 1.8.1
x.org x_server 1.8.99.904
x.org x_server 1.10.0.901
x.org x_server 1.12.0.901
x.org xorg-server 1.11.3.901
x.org x_server 1.9.4
x.org xorg-server 1.10.4
x.org xorg-server 1.14.99.903
x.org xorg-server 1.7.3
x.org xorg-server 1.14.6
x.org x_server 1.7.99.2
x.org x_server 1.9.99.903
x.org xorg-server 1.10.99.901
x.org xorg-server 1.14.3
x.org x_server 1.14.3
x.org xorg-server 1.8.0
x.org xorg-server 1.12.99.902
x.org x_server 1.11.3.901
x.org xorg-server 1.12.0
x.org xorg-server 1.13.0.902
x.org xorg-server 1.13.4
x.org xorg-server 1.13.99.901
x.org xorg-server 1.14.3.901
x.org xorg-server 1.16.0
x.org xorg-server 1.10.3.902
x.org x_server 1.12.3.901
x.org x_server 1.10.0
x.org x_server 1.9.2.902
x.org xorg-server 1.11.1
x.org x_server 1.16.0.901
x.org xorg-server 1.8.0.901
x.org x_server 1.8.99.902
x.org x_server 1.15.2
x.org xorg-server 1.7.0
x.org x_server 1.8.99.905
x.org x_server 1.14.5
x.org x_server 1.7.5.901
x.org xorg-server 1.10.2
x.org xorg-server 1.7.4.902
x.org x_server 1.9.2
x.org xorg-server 1.16.2
x.org x_server 1.11.3.902
x.org x_server 1.16.1
x.org xorg-server 1.9.2
x.org xorg-server 1.12.0.901
x.org xorg-server 1.13.99.902
x.org xorg-server 1.10.0
x.org xorg-server 1.10.3.901
x.org xorg-server 1.12.3
x.org xorg-server 1.7.99.902
x.org x_server 1.7.1.901
x.org xorg-server 1.11.99.903
x.org xorg-server 1.13.3
x.org x_server 1.12.0
x.org xorg-server 1.8.99.905
x.org xorg-server 1.9.99.901
x.org x_server 1.12.3.902
x.org x_server 1.7.6.901
x.org x_server 1.11.99.903
x.org xorg-server 1.10.1.901
x.org x_server 1.8.1.902
x.org x_server 1.7.4.902
x.org x_server 1.13.3
x.org xorg-server 1.12.4
x.org x_server 1.14.4.901
x.org xorg-server 1.8.99.903
x.org x_server 1.12.0.902
x.org xorg-server 1.14.99.902
x.org xorg-server 1.9.0.901
x.org x_server 1.10.3
x.org xorg-server 1.7.3.901
x.org x_server 1.12.2.902
x.org x_server 1.10.1.901
x.org x_server 1.7.2
x.org x_server 1.12.99.904
x.org xorg-server 1.15.2
x.org x_server 1.11.3
x.org xorg-server 1.9.2.902
debian debian_linux 7.0
x.org xorg-server 1.7.0.901
x.org x_server 1.12.1.902
x.org x_server 1.12.1.901
x.org x_server 1.12.99.905
x.org xorg-server 1.9.3
x.org x_server 1.13.0.902
x.org x_server 1.13.99.902
x.org xorg-server 1.14.0
x.org xorg-server 1.14.1
x.org x_server 1.8.0.902
x.org x_server 1.13.4
x.org xorg-server 1.10.6
x.org x_server 1.14.99.904
x.org x_server 1.14.1
x.org x_server 1.7.0.901
x.org xorg-server 1.13.2.902
x.org x_server 1.7.4.901
x.org x_server 1.15.0.901
x.org x_server 1.14.4
x.org x_server 1.14.3.901
x.org x_server 1.7.2.901
x.org x_server 1.14.0
x.org xorg-server 1.11.99.1
x.org xorg-server 1.13.2.901
x.org x_server 1.10.99.901
x.org x_server 1.7.1
x.org xorg-server 1.13.0
x.org xorg-server 1.12.99.903
x.org xorg-server 1.15.99.901
x.org x_server 1.14.99.2
x.org xorg-server 1.10.0.901
x.org xorg-server 1.11.99.901
x.org xorg-server 1.7.0.902
x.org x_server 1.7.5
x.org x_server 1.10.3.902
x.org x_server 1.14.1.902
x.org xorg-server 1.7.5
x.org xorg-server 1.7.1
x.org xorg-server 1.9.99.902
x.org x_server 1.7.6
x.org xorg-server 1.12.1.901
x.org x_server 1.10.1.902
x.org x_server 1.10.3.901
CVE-2014-8095 MEDIUM

The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 4.0
debian debian_linux 7.0
x.org xorg-server *
x.org x_server *
CVE-2014-8096 MEDIUM

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 7.1
x.org x11 6.0
debian debian_linux 8.0
x.org xorg-server *
x.org x_server *
CVE-2014-8097 MEDIUM

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.1
x.org xorg-server *
x.org x_server *
CVE-2014-8098 MEDIUM

The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.7
debian debian_linux 7.0
x.org xfree86 4.0
x.org xorg-server *
x.org x_server *
CVE-2014-8099 MEDIUM

The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.7
x.org xfree86 4.0
x.org xorg-server *
x.org x_server *
CVE-2014-8100 MEDIUM

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.7
x.org xfree86 4.0.1
x.org xorg-server *
x.org x_server *
CVE-2014-8101 MEDIUM

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.7
x.org xfree86 4.2.0
x.org xorg-server *
x.org x_server *
CVE-2014-8102 MEDIUM

The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x11 6.8
debian debian_linux 7.0
x.org xorg-server *
x.org x_server *
CVE-2014-8103 MEDIUM

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org xorg-server 1.15.99.902
x.org xorg-server 1.16.2
x.org xorg-server 1.16.1
x.org xorg-server 1.16.2.99.901
x.org x_server 1.16.2
x.org x_server 1.16.1
x.org xorg-server 1.15.1
x.org xorg-server 1.16.0.901
x.org x_server 1.16.1.901
x.org xorg-server 1.15.99.903
x.org xorg-server 1.16.1.901
x.org x_server 1.15.0
x.org x_server 1.15.0.901
x.org x_server 1.15.99.901
x.org xorg-server 1.15.0
x.org xorg-server 1.16.0
x.org x_server 1.15.99.902
x.org xorg-server 1.15.99.901
x.org x_server 1.15.1
x.org x_server 1.16.2.901
x.org xorg-server 1.16.2.901
x.org x_server 1.15.99.903
x.org x_server 1.16.0
x.org x_server 1.16.0.901
x.org x_server 1.16.2.99.901
x.org xorg-server 1.15.99.904
x.org x_server 1.15.99.904
x.org xorg-server 1.15.0.901
x.org x_server 1.15.2
x.org xorg-server 1.15.2
CVE-2015-0255 MEDIUM

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
x.org xorg-server 1.17.0
x.org xorg-server *
x.org x_server *
x.org x_server 1.17.0
CVE-2015-3164 LOW

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
x.org xorg-server 1.16.2
x.org xorg-server 1.16.1
x.org xorg-server 1.16.3
x.org x_server 1.16.2
x.org xorg-server 1.16.0
x.org x_server 1.16.1
x.org xorg-server 1.17.1
x.org x_server 1.16.1.901
x.org x_server 1.16.3
x.org x_server 1.16.2.901
x.org x_server 1.17.0
x.org xorg-server 1.16.2.901
x.org x_server 1.16.0
x.org xorg-server 1.16.4
x.org xorg-server 1.16.1.901
x.org xorg-server 1.16.99.901
x.org xorg-server 1.16.99.902
x.org xorg-server 1.17.0
CVE-2015-3418 MEDIUM

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
x.org xorg-server *
x.org x_server *
CVE-2016-10164 HIGH

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-190,CWE-787,

Products Affected

Vendor Product Version
x.org libxpm *
CVE-2016-5407 HIGH

The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 24
x.org libxv *
fedoraproject fedora 25
CVE-2016-7942 HIGH

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 25
x.org libx11 *
CVE-2016-7943 HIGH

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 25
x.org libx11 *
CVE-2016-7944 HIGH

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-264,

Products Affected

Vendor Product Version
fedoraproject fedora 24
x.org libxfixes *
fedoraproject fedora 25
CVE-2016-7945 MEDIUM

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
x.org libxi *
CVE-2016-7946 MEDIUM

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
x.org libxi *
CVE-2016-7947 HIGH

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 24
x.org libxrandr *
fedoraproject fedora 25
CVE-2016-7948 HIGH

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 24
x.org libxrandr *
fedoraproject fedora 25
CVE-2016-7949 HIGH

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
x.org libxrender *
CVE-2016-7950 HIGH

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
x.org libxrender *
CVE-2016-7952 MEDIUM

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-284,

Products Affected

Vendor Product Version
fedoraproject fedora 24
x.org libxtst *
fedoraproject fedora 25
CVE-2016-7953 HIGH

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
x.org libxvmc *
CVE-2017-10971 MEDIUM

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org xorg-server *
x.org x_server *
CVE-2017-10972 MEDIUM

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
x.org xorg-server *
x.org x_server *
CVE-2017-12176 HIGH

xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12177 HIGH

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12178 HIGH

xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12179 HIGH

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12180 HIGH

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12181 HIGH

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12182 HIGH

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12183 HIGH

xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12184 HIGH

xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12185 HIGH

xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12186 HIGH

xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-12187 HIGH

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-391,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-13720 LOW

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
x.org libxfont *
x.org libxfont 2.0.0
x.org libxfont 2.0.1
CVE-2017-13721 LOW

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-13722 LOW

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
x.org libxfont *
x.org libxfont 2.0.0
x.org libxfont 2.0.1
CVE-2017-13723 MEDIUM

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2017-2624 LOW

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-385,CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 7.0
x.org xorg-server *
x.org x_server *
CVE-2017-2625 LOW

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-331,CWE-320,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux 7.0
x.org libxdmcp *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 7.0
CVE-2018-14598 MEDIUM

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
x.org libx11 *
canonical ubuntu_linux 12.04
fedoraproject fedora 28
CVE-2018-14599 HIGH

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
x.org libx11 *
canonical ubuntu_linux 12.04
fedoraproject fedora 28
redhat enterprise_linux_server 7.0
CVE-2018-14600 HIGH

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
x.org libx11 *
canonical ubuntu_linux 12.04
CVE-2018-14665 HIGH

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
debian debian_linux 9.0
x.org x_server *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server 7.0
x.org xorg-server *
CVE-2019-17624 MEDIUM

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
x.org x_server *
CVE-2020-14344 MEDIUM

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 20.04
fedoraproject fedora 31
canonical ubuntu_linux 16.04
fedoraproject fedora 32
canonical ubuntu_linux 18.04
opensuse leap 15.2
canonical ubuntu_linux 14.04
fedoraproject fedora 33
x.org libx11 *
canonical ubuntu_linux 12.04
CVE-2020-14345 MEDIUM

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
x.org x_server *
CVE-2020-14346 MEDIUM

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,CWE-191,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux 8.0
x.org xorg-server *
x.org x_server *
CVE-2020-14347 LOW

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
debian debian_linux 10.0
canonical ubuntu_linux 20.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
debian debian_linux 9.0
x.org xorg-server *
x.org x_server *
CVE-2020-14360 MEDIUM

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
x.org x_server *
CVE-2020-14361 MEDIUM

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,CWE-191,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux 8.0
x.org xorg-server *
x.org x_server *
CVE-2020-14362 MEDIUM

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,CWE-191,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux 8.0
x.org xorg-server *
x.org x_server *
CVE-2020-14363 MEDIUM

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-416,CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 33
x.org libx11 *
CVE-2020-25697 MEDIUM

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
x.org x_server -
CVE-2020-25712 MEDIUM

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
x.org x_server *
CVE-2021-31535 HIGH

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
x.org x_window_system *
fedoraproject fedora 33
x.org libx11 *
CVE-2021-3472 HIGH

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 34
redhat enterprise_linux 7.0
fedoraproject fedora 32
fedoraproject fedora 33
redhat enterprise_linux 8.0
debian debian_linux 9.0
x.org x_server *
CVE-2021-4008 HIGH

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
x.org x_server 21.1.0
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 11.0
fedoraproject fedora 35
debian debian_linux 9.0
x.org x_server 21.1.1
x.org x_server *
CVE-2021-4009 HIGH

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
x.org x_server 21.1.0
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 11.0
fedoraproject fedora 35
debian debian_linux 9.0
x.org x_server 21.1.1
x.org x_server *
CVE-2021-4010 HIGH

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
x.org x_server 21.1.0
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 11.0
fedoraproject fedora 35
x.org x_server 21.1.1
x.org x_server *
CVE-2021-4011 HIGH

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
x.org x_server 21.1.0
debian debian_linux 10.0
fedoraproject fedora 34
debian debian_linux 11.0
fedoraproject fedora 35
debian debian_linux 9.0
x.org x_server 21.1.1
x.org x_server *
CVE-2022-2319

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
x.org x_server 21.1.0
x.org xorg-server 21.1.0
CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
x.org x_server 21.1.0
x.org xorg-server 21.1.0
CVE-2022-3550

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 35
fedoraproject fedora 36
x.org x_server *
CVE-2022-3551

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 35
fedoraproject fedora 36
x.org x_server *
CVE-2022-3553

A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.

Products Affected

Vendor Product Version
x.org x_server -
CVE-2022-4283

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
x.org xorg-server 1.20.4
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
fedoraproject fedora 36
CVE-2022-46340

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-46341

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-46342

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-46343

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2022-46344

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
x.org x_server 1.20.4
debian debian_linux 11.0
fedoraproject fedora 37
fedoraproject fedora 36
CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux 9.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
x.org x_server *
redhat enterprise_linux 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_aus 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
redhat enterprise_linux 8.0
fedoraproject fedora 36
redhat enterprise_linux_server_workstation 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_scientific_computing 7.0
fedoraproject fedora 37
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_aus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
CVE-2023-1393

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 37
x.org xorg-server 21.1.8
fedoraproject fedora 36
x.org xorg-server *
x.org x_server *
CVE-2023-3138

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
x.org libx11 *
redhat enterprise_linux 8.0
CVE-2023-43785

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
redhat enterprise_linux 9.0
x.org libx11 *
redhat enterprise_linux 8.0
CVE-2023-43786

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
redhat enterprise_linux 9.0
x.org libx11 *
redhat enterprise_linux 8.0
CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 38
redhat enterprise_linux 9.0
x.org libx11 *
redhat enterprise_linux 8.0
CVE-2023-43788

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
fedoraproject fedora 37
x.org libxpm *
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_scientific_computing 7.0
debian debian_linux 11.0
fedoraproject fedora 37
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
x.org x_server *
fedoraproject fedora 38
debian debian_linux 12.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 39
x.org xwayland *
redhat enterprise_linux 8.0
redhat enterprise_linux_server 7.0
CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
debian debian_linux 12.0
fedoraproject fedora 39
debian debian_linux 11.0
fedoraproject fedora 37
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2023-5574

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
x.org x_server *
CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
debian debian_linux 12.0
tigervnc tigervnc -
debian debian_linux 10.0
debian debian_linux 11.0
x.org xwayland *
x.org x_server *
redhat enterprise_linux_eus 9.2
CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
secalert@redhat.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
debian debian_linux 12.0
tigervnc tigervnc -
debian debian_linux 10.0
debian debian_linux 11.0
x.org xwayland *
x.org x_server *
redhat enterprise_linux_eus 9.2
CVE-2023-6816

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 39
x.org xwayland *
redhat enterprise_linux_server 7.0
x.org xorg-server *
x.org x_server *
CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_eus 9.0
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_tus 8.2
x.org x_server *
redhat enterprise_linux_aus 8.2
fedoraproject fedora 39
redhat enterprise_linux_update_services_for_sap_solutions 8.2
redhat enterprise_linux_eus 8.6
x.org xwayland *
redhat enterprise_linux 8.0
redhat enterprise_linux_aus 8.4
redhat enterprise_linux_tus 8.4
redhat enterprise_linux_eus 9.2
CVE-2024-0408

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
tigervnc tigervnc *
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
x.org x_server *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_for_power_big_endian 7.0
fedoraproject fedora 39
x.org xwayland *
redhat enterprise_linux 8.0
redhat enterprise_linux_server 7.0
x.org xorg-server *
CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc *
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
x.org x_server *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_for_power_big_endian 7.0
fedoraproject fedora 39
x.org xwayland *
redhat enterprise_linux 8.0
redhat enterprise_linux_server 7.0
x.org xorg-server *
CVE-2025-26594

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26596

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
x.org xwayland -
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org x_server -
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26597

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
x.org xwayland -
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org x_server -
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26598

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26599

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26600

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *
CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tigervnc tigervnc -
redhat enterprise_linux 9.0
redhat enterprise_linux 7.0
x.org xwayland *
redhat enterprise_linux 8.0
x.org x_server *