VYPR

Xserver

by Xorg

Source repositories

CVEs (71)

  • CVE-2024-31083HigApr 5, 2024
    risk 0.51cvss 7.8epss 0.02

    A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted…

  • CVE-2024-21886HigFeb 28, 2024
    risk 0.51cvss 7.8epss 0.01

    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

  • CVE-2024-21885HigFeb 28, 2024
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an…

  • CVE-2017-13723HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via…

  • CVE-2015-3418HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.02

    The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

  • CVE-2024-31082HigApr 4, 2024
    risk 0.47cvss 7.3epss 0.00

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2024-31081HigApr 4, 2024
    risk 0.47cvss 7.3epss 0.01

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2024-31080HigApr 4, 2024
    risk 0.47cvss 7.3epss 0.01

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2017-10972MedJul 6, 2017
    risk 0.42cvss 6.5epss 0.02

    Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

  • CVE-2026-34002MedMay 5, 2026
    risk 0.40cvss 6.1epss 0.00

    A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its…

  • CVE-2026-34000MedMay 5, 2026
    risk 0.40cvss 6.1epss 0.00

    A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a…

  • CVE-2026-50263MedJun 5, 2026
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

  • CVE-2026-50262MedJun 5, 2026
    risk 0.36cvss 5.5epss 0.00

    An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…

  • CVE-2017-13721MedOct 10, 2017
    risk 0.31cvss 4.7epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

  • CVE-2011-4613Feb 5, 2014
    risk 0.03cvss epss 0.01

    The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

  • CVE-2011-4029Jul 3, 2012
    risk 0.03cvss epss 0.01

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

  • CVE-2007-5958Jan 18, 2008
    risk 0.03cvss epss 0.05

    X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

  • CVE-2007-2437May 2, 2007
    risk 0.03cvss epss 0.04

    The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions,…

  • CVE-2006-0745Mar 21, 2006
    risk 0.03cvss epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2024-0229Feb 9, 2024
    risk 0.00cvss epss 0.01

    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with…