VYPR

rpm package

suse/xorg-x11-libs&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/xorg-x11-libs&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (12)

  • CVE-2015-9262 | Cri | Aug 1, 2018
    affected < 7.4-8.26.50.8.1 | fixed 7.4-8.26.50.8.1

    _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

  • CVE-2017-16612 | Hig | Dec 1, 2017
    affected < 7.4-8.26.50.5.3 | fixed 7.4-8.26.50.5.3

    libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.

  • CVE-2017-13722 | Hig | Oct 11, 2017
    affected < 7.4-8.26.50.5.3 | fixed 7.4-8.26.50.5.3

    In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server

  • CVE-2017-13720 | Hig | Oct 11, 2017
    affected < 7.4-8.26.50.5.3 | fixed 7.4-8.26.50.5.3

    In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occu

  • CVE-2016-7953 | Cri | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

  • CVE-2016-7952 | Hig | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

  • CVE-2016-7951 | Cri | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

  • CVE-2016-7948 | Cri | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

  • CVE-2016-7947 | Cri | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.

  • CVE-2016-7946 | Hig | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

  • CVE-2016-7945 | Hig | Dec 13, 2016
    affected < 7.4-8.26.49.1 | fixed 7.4-8.26.49.1

    Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

  • CVE-2015-1804 | Mar 20, 2015
    affected < 7.4-8.26.46.1 | fixed 7.4-8.26.46.1

    The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly e