X.org : Security Vulnerabilities, CVEs,
CVE-1999-0526
Public exploit
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
Max CVSS
10.0
EPSS Score
80.74%
Published
1997-07-01
Updated
2008-09-09
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
Max CVSS
10.0
EPSS Score
8.80%
Published
2005-01-10
Updated
2017-10-11
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
Max CVSS
10.0
EPSS Score
0.63%
Published
2006-12-31
Updated
2017-10-11
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
Max CVSS
10.0
EPSS Score
1.98%
Published
2012-05-18
Updated
2017-08-29
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
Max CVSS
9.8
EPSS Score
0.66%
Published
2016-12-13
Updated
2017-07-01
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
Max CVSS
9.8
EPSS Score
1.30%
Published
2016-12-13
Updated
2018-09-13
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
Max CVSS
9.8
EPSS Score
1.40%
Published
2016-12-13
Updated
2018-09-13
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
Max CVSS
9.8
EPSS Score
0.91%
Published
2016-12-13
Updated
2017-07-01
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
Max CVSS
9.8
EPSS Score
0.97%
Published
2016-12-13
Updated
2017-07-01
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
Max CVSS
9.8
EPSS Score
0.97%
Published
2016-12-13
Updated
2017-07-01
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
Max CVSS
9.8
EPSS Score
0.93%
Published
2016-12-13
Updated
2017-07-01
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
Max CVSS
9.8
EPSS Score
0.97%
Published
2016-12-13
Updated
2017-07-01
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
Max CVSS
9.8
EPSS Score
1.36%
Published
2016-12-13
Updated
2017-07-01
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
2.54%
Published
2017-02-01
Updated
2023-10-17
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.15%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.83%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.65%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.60%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-01-24
Updated
2019-10-09