Xorg
Products
81- 71 CVEs
- 60 CVEs
- 46 CVEs
- 31 CVEs
- 28 CVEs
- 21 CVEs
- 20 CVEs
- 19 CVEs
- 18 CVEs
- 13 CVEs
- 12 CVEs
- 11 CVEs
- 9 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- View all 81 products →
Recent CVEs
379| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5199 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | ||
| CVE-2016-10164 | Cri | 0.64 | 9.8 | 0.08 | Feb 1, 2017 | Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated… | ||
| CVE-2016-2090 | Cri | 0.64 | 9.8 | 0.03 | Jan 13, 2017 | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | ||
| CVE-2016-7953 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2016 | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | ||
| CVE-2016-7951 | Cri | 0.64 | 9.8 | 0.02 | Dec 13, 2016 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | ||
| CVE-2016-7950 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2016 | The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | ||
| CVE-2016-7949 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2016 | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | ||
| CVE-2016-7948 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2016 | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | ||
| CVE-2016-7947 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2016 | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | ||
| CVE-2016-7944 | Cri | 0.64 | 9.8 | 0.03 | Dec 13, 2016 | Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. | ||
| CVE-2016-7943 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2016 | The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | ||
| CVE-2016-7942 | Cri | 0.64 | 9.8 | 0.04 | Dec 13, 2016 | The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | ||
| CVE-2016-5407 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | ||
| CVE-2013-1591 | Cri | 0.64 | 9.8 | 0.04 | Jan 31, 2013 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in… | ||
| CVE-2017-2820 | Hig | 0.58 | 8.8 | 0.04 | Jul 12, 2017 | An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary… | ||
| CVE-2017-10971 | Hig | 0.58 | 8.8 | 0.04 | Jul 6, 2017 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | ||
| CVE-2026-35093 | Hig | 0.57 | 8.8 | 0.00 | Apr 1, 2026 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program… | ||
| CVE-2017-1000456 | Hig | 0.57 | 8.8 | 0.02 | Jan 2, 2018 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||
| CVE-2017-15565 | Hig | 0.57 | 8.8 | 0.02 | Oct 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | ||
| CVE-2026-50264 | Hig | 0.51 | 7.8 | 0.00 | Jun 5, 2026 | An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the… |
- risk 0.64cvss 9.8epss 0.02
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
- risk 0.64cvss 9.8epss 0.08
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated…
- risk 0.64cvss 9.8epss 0.03
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
- risk 0.64cvss 9.8epss 0.03
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
- risk 0.64cvss 9.8epss 0.02
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
- risk 0.64cvss 9.8epss 0.03
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
- risk 0.64cvss 9.8epss 0.04
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
- risk 0.64cvss 9.8epss 0.04
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
- risk 0.64cvss 9.8epss 0.04
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
- risk 0.64cvss 9.8epss 0.03
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
- risk 0.64cvss 9.8epss 0.04
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
- risk 0.64cvss 9.8epss 0.04
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
- risk 0.64cvss 9.8epss 0.05
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
- risk 0.64cvss 9.8epss 0.04
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in…
- risk 0.58cvss 8.8epss 0.04
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary…
- risk 0.58cvss 8.8epss 0.04
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
- risk 0.57cvss 8.8epss 0.00
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program…
- risk 0.57cvss 8.8epss 0.02
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
- risk 0.57cvss 8.8epss 0.02
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
- risk 0.51cvss 7.8epss 0.00
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the…