Unrated severityNVD Advisory· Published Feb 13, 2015· Updated May 6, 2026

CVE-2015-0255

Description

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

Affected products

Xorg/Xserver2 versions
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*range: <=1.16.3
- cpe:2.3:a:x.org:x_server:1.17.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.x.org/wiki/Development/Security/Advisory-2015-02-10/nvdPatchVendor Advisory
advisories.mageia.org/MGASA-2015-0073.htmlnvd
lists.opensuse.org/opensuse-updates/2015-02/msg00085.htmlnvd
lists.opensuse.org/opensuse-updates/2015-02/msg00086.htmlnvd
rhn.redhat.com/errata/RHSA-2015-0797.htmlnvd
www.debian.org/security/2015/dsa-3160nvd
www.mandriva.com/security/advisoriesnvd
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvd
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
www.securityfocus.com/bid/72578nvd
www.ubuntu.com/usn/USN-2500-1nvd
security.gentoo.org/glsa/201504-06nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000