Vulnerabilities > X ORG

DATE CVE VULNERABILITY TITLE RISK
2018-01-24 CVE-2017-12177 Integer Overflow or Wraparound vulnerability in multiple products
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-190
critical
9.8
2018-01-24 CVE-2017-12176 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2017-10-11 CVE-2017-13722 Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
local
low complexity
x-org CWE-125
7.1
2017-10-11 CVE-2017-13720 Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service).
local
low complexity
x-org CWE-125
7.1
2017-10-10 CVE-2017-13723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
local
low complexity
x-org debian CWE-119
7.8
2017-10-10 CVE-2017-13721 Improper Privilege Management vulnerability in multiple products
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
local
high complexity
x-org debian CWE-269
4.7
2017-07-06 CVE-2017-10972 Improper Initialization vulnerability in X.Org Xorg-Server
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
network
low complexity
x-org CWE-665
6.5
2017-07-06 CVE-2017-10971 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org Xorg-Server
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
network
low complexity
x-org CWE-119
8.8
2017-02-01 CVE-2016-10164 Integer Overflow or Wraparound vulnerability in X.Org Libxpm
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
network
low complexity
x-org CWE-190
critical
9.8
2016-12-13 CVE-2016-7953 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
network
low complexity
fedoraproject x-org CWE-119
critical
9.8