Filtered by vendor X.org
Subscribe
Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6429 | 1 X.org | 3 Evi, Mit-shm, Xserver | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | |||||
| CVE-2007-6428 | 1 X.org | 2 Tog-cup, Xserver | 2024-11-21 | 5.0 MEDIUM | N/A |
| The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. | |||||
| CVE-2007-6427 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | 9.3 HIGH | N/A |
| The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | |||||
| CVE-2007-5958 | 1 X.org | 1 Xserver | 2024-11-21 | 5.0 MEDIUM | N/A |
| X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | |||||
| CVE-2007-5760 | 2 X.org, Xfree86 Project | 2 Xserver, Xfree86-misc | 2024-11-21 | 9.3 HIGH | N/A |
| Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | |||||
| CVE-2007-4990 | 1 X.org | 1 X Font Server | 2024-11-21 | 7.5 HIGH | N/A |
| The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | |||||
| CVE-2007-4730 | 1 X.org | 1 Xorg-server | 2024-11-21 | 4.3 MEDIUM | N/A |
| Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. | |||||
| CVE-2007-4568 | 1 X.org | 1 X Font Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-2437 | 1 X.org | 2 X Window System, Xserver | 2024-11-21 | 5.5 MEDIUM | N/A |
| The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. | |||||
| CVE-2007-1667 | 3 Canonical, Debian, X.org | 3 Ubuntu Linux, Debian Linux, Libx11 | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. | |||||
| CVE-2007-1352 | 8 Mandrakesoft, Openbsd, Redhat and 5 more | 14 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 11 more | 2024-11-21 | 3.8 LOW | N/A |
| Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | |||||
| CVE-2007-1351 | 7 Mandrakesoft, Openbsd, Redhat and 4 more | 11 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 8 more | 2024-11-21 | 8.5 HIGH | N/A |
| Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. | |||||
| CVE-2007-1003 | 1 X.org | 1 X11 | 2024-11-21 | 9.0 HIGH | N/A |
| Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. | |||||
| CVE-2006-6103 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2024-11-21 | 6.6 MEDIUM | N/A |
| Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2006-6102 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X Server | 2024-11-21 | 10.0 HIGH | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2006-6101 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2024-11-21 | 6.6 MEDIUM | N/A |
| Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | |||||
| CVE-2006-5397 | 1 X.org | 1 Libx11 | 2024-11-21 | 2.1 LOW | N/A |
| The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. | |||||
| CVE-2006-5215 | 3 Netbsd, Sun, X.org | 4 Netbsd, Solaris, Sunos and 1 more | 2024-11-21 | 2.6 LOW | N/A |
| The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. | |||||
| CVE-2006-4447 | 1 X.org | 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more | 2024-11-21 | 7.2 HIGH | N/A |
| X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. | |||||
| CVE-2006-3740 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X | 2024-11-21 | 7.2 HIGH | N/A |
| Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. | |||||