Vulnerabilities > X ORG
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-06 | CVE-2007-1003 | Local Integer Overflow vulnerability in X.Org X11 7.11.1.0 Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. | 9.0 |
| 2007-03-24 | CVE-2007-1667 | Numeric Errors vulnerability in multiple products Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. | 9.3 |
| 2006-12-31 | CVE-2006-6103 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | 6.6 |
| 2006-12-31 | CVE-2006-6102 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | 10.0 |
| 2006-12-31 | CVE-2006-6101 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | 6.6 |
| 2006-10-10 | CVE-2006-5215 | Local Security vulnerability in NetBSD The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. | 2.6 |
| 2006-09-13 | CVE-2006-3740 | Integer Overflow vulnerability in X.Org LibXfont CID Font File Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. | 7.2 |
| 2006-09-13 | CVE-2006-3739 | Integer Overflow vulnerability in X.Org LibXfont CID Font File Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. | 7.2 |
| 2006-08-30 | CVE-2006-4447 | Local Privilege Escalation vulnerability in Multiple X.Org Products SetUID X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. | 7.2 |
| 2006-05-02 | CVE-2006-1526 | Buffer Overflow vulnerability in X.Org XRender Extension Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. | 2.1 |