A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-10
Updated
2024-03-05
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
Max CVSS
7.8
EPSS Score
21.00%
Published
2023-12-13
Updated
2024-01-31
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Max CVSS
7.8
EPSS Score
0.10%
Published
2023-03-27
Updated
2023-05-30
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Max CVSS
8.8
EPSS Score
2.58%
Published
2022-12-14
Updated
2023-12-13
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Max CVSS
8.8
EPSS Score
2.83%
Published
2022-12-14
Updated
2023-05-30
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Max CVSS
8.8
EPSS Score
2.83%
Published
2022-12-14
Updated
2023-05-30
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
Max CVSS
8.8
EPSS Score
1.99%
Published
2022-12-14
Updated
2023-05-30
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Max CVSS
7.8
EPSS Score
0.25%
Published
2022-12-14
Updated
2023-05-30
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-09-01
Updated
2024-02-01
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
Max CVSS
9.8
EPSS Score
9.74%
Published
2021-05-27
Updated
2021-09-23
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Max CVSS
9.8
EPSS Score
6.60%
Published
2018-08-24
Updated
2019-08-06
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.55%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.60%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.65%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.83%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.15%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Max CVSS
8.8
EPSS Score
2.62%
Published
2017-07-06
Updated
2017-11-04
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
2.54%
Published
2017-02-01
Updated
2023-10-17
61 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!