Vulnerabilities > Xfree86 Project > X11R6

DATE CVE VULNERABILITY TITLE RISK
2007-04-06 CVE-2007-1351 Numeric Errors vulnerability in multiple products
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
8.5
2005-03-02 CVE-2005-0605 Integer Overflow vulnerability in libXPM Bitmap_unit
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
7.5
2005-01-10 CVE-2004-0914 Multiple Unspecified vulnerability in LibXPM
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
network
low complexity
lesstif x-org xfree86-project gentoo redhat suse
critical
10.0
2004-10-20 CVE-2004-0688 Remote Buffer Overflow vulnerability in libXpm Image Decoding
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
network
low complexity
x-org xfree86-project openbsd suse
7.5
2004-03-15 CVE-2004-0094 Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
network
low complexity
xfree86-project
7.5
2004-03-15 CVE-2004-0093 Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
network
low complexity
xfree86-project
7.5
2004-03-03 CVE-2004-0106 Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
local
low complexity
xfree86-project openbsd
7.2
2004-03-03 CVE-2004-0084 Buffer Overflow vulnerability in XFree86 CopyISOLatin1Lowered Font_Name
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
network
low complexity
xfree86-project openbsd
critical
10.0
2004-03-03 CVE-2004-0083 Buffer Overflow vulnerability in XFree86 Font Information File
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
network
low complexity
xfree86-project openbsd
critical
10.0
2003-10-20 CVE-2003-0730 Integer Overflow vulnerability in XFree86
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
network
low complexity
xfree86-project netbsd
7.5