Vulnerabilities > X ORG

DATE CVE VULNERABILITY TITLE RISK
2008-01-18 CVE-2007-6429 Race Condition vulnerability in X.Org Evi, Mit-Shm and Xserver
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
network
x-org CWE-362
critical
9.3
2008-01-18 CVE-2007-6428 Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
network
low complexity
x-org
5.0
2008-01-18 CVE-2007-6427 Out-Of-Bounds Write vulnerability in multiple products
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
9.3
2008-01-18 CVE-2007-5958 Information Exposure vulnerability in X.Org Xserver
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
network
low complexity
x-org CWE-200
5.0
2008-01-18 CVE-2007-5760 Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
network
x-org xfree86-project
critical
9.3
2007-10-05 CVE-2007-4990 Numeric Errors vulnerability in X.Org X Font Server
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
network
low complexity
x-org CWE-189
7.5
2007-09-11 CVE-2007-4730 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X.Org Xorg-Server
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
local
low complexity
x-org CWE-119
4.3
2007-05-02 CVE-2007-2437 Denial of Service vulnerability in X.Org X Window System Xserver XRender Extension Divide by Zero
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
low complexity
x-org
5.5
2007-04-06 CVE-2007-1352 Local Integer Overflow vulnerability in X.Org LibXFont
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
3.8
2007-04-06 CVE-2007-1351 Numeric Errors vulnerability in multiple products
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
8.5