rpm package
suse/xorg-x11-libs&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/xorg-x11-libs&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (12)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-9262 | Critical | 9.8 | | < 7.4-8.26.50.8.1 | 7.4-8.26.50.8.1 | Aug 1, 2018 | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. |
| CVE-2017-16612 | High | 7.5 | | < 7.4-8.26.50.5.3 | 7.4-8.26.50.5.3 | Dec 1, 2017 | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14. |
| CVE-2017-13722 | High | 7.1 | | < 7.4-8.26.50.5.3 | 7.4-8.26.50.5.3 | Oct 11, 2017 | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server |
| CVE-2017-13720 | High | 7.1 | | < 7.4-8.26.50.5.3 | 7.4-8.26.50.5.3 | Oct 11, 2017 | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occu |
| CVE-2016-7953 | Critical | 9.8 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. |
| CVE-2016-7952 | High | 7.5 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. |
| CVE-2016-7951 | Critical | 9.8 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. |
| CVE-2016-7948 | Critical | 9.8 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. |
| CVE-2016-7947 | Critical | 9.8 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. |
| CVE-2016-7946 | High | 7.5 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. |
| CVE-2016-7945 | High | 7.5 | | < 7.4-8.26.49.1 | 7.4-8.26.49.1 | Dec 13, 2016 | Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. |
| CVE-2015-1804 | — | | | < 7.4-8.26.46.1 | 7.4-8.26.46.1 | Mar 20, 2015 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly e |