X.org : Security Vulnerabilities, CVEs, Published In 2017
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-10-10
Updated
2018-02-04
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
Max CVSS
7.1
EPSS Score
0.04%
Published
2017-10-11
Updated
2017-11-13
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
Max CVSS
4.7
EPSS Score
0.06%
Published
2017-10-10
Updated
2019-10-03
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
Max CVSS
7.1
EPSS Score
0.06%
Published
2017-10-11
Updated
2017-11-13
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
Max CVSS
6.5
EPSS Score
0.16%
Published
2017-07-06
Updated
2019-10-03
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Max CVSS
8.8
EPSS Score
2.62%
Published
2017-07-06
Updated
2017-11-04
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
2.54%
Published
2017-02-01
Updated
2023-10-17
7 vulnerabilities found