Vendor CVEs
Xorg
All CVEs
379 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14975 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2017 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | ||
| CVE-2017-14929 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2017 | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different… | ||
| CVE-2017-14519 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2017 | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | ||
| CVE-2017-2818 | Hig | 0.49 | 7.5 | 0.02 | Jul 12, 2017 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be… | ||
| CVE-2017-2814 | Hig | 0.49 | 7.5 | 0.03 | Jul 12, 2017 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker… | ||
| CVE-2017-5843 | Hig | 0.49 | 7.5 | 0.04 | Feb 9, 2017 | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as… | ||
| CVE-2016-7952 | Hig | 0.49 | 7.5 | 0.02 | Dec 13, 2016 | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | ||
| CVE-2016-7946 | Hig | 0.49 | 7.5 | 0.03 | Dec 13, 2016 | X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | ||
| CVE-2016-7945 | Hig | 0.49 | 7.5 | 0.03 | Dec 13, 2016 | Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. | ||
| CVE-2015-3418 | Hig | 0.49 | 7.5 | 0.02 | Dec 13, 2016 | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | ||
| CVE-2026-50292 | Hig | 0.48 | 7.4 | 0.01 | Jun 4, 2026 | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution | ||
| CVE-2003-0063 | Hig | 0.48 | 7.3 | 0.03 | Mar 3, 2003 | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,… | ||
| CVE-2025-62229 | Hig | 0.47 | 7.3 | 0.00 | Oct 30, 2025 | A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash,… | ||
| CVE-2024-31082 | Hig | 0.47 | 7.3 | 0.00 | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… | ||
| CVE-2024-31081 | Hig | 0.47 | 7.3 | 0.01 | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… | ||
| CVE-2024-31080 | Hig | 0.47 | 7.3 | 0.01 | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… | ||
| CVE-2017-13722 | Hig | 0.46 | 7.1 | 0.00 | Oct 11, 2017 | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X… | ||
| CVE-2017-13720 | Hig | 0.46 | 7.1 | 0.00 | Oct 11, 2017 | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This… | ||
| CVE-2025-49180 | Hig | 0.44 | 7.8 | 0.00 | Jun 17, 2025 | A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. | ||
| CVE-2017-9775 | Med | 0.43 | 6.5 | 0.04 | Jun 22, 2017 | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | ||
| CVE-2017-10972 | Med | 0.42 | 6.5 | 0.02 | Jul 6, 2017 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | ||
| CVE-2017-9408 | Med | 0.42 | 6.5 | 0.02 | Jun 2, 2017 | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9406 | Med | 0.42 | 6.5 | 0.01 | Jun 2, 2017 | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9083 | Med | 0.42 | 6.5 | 0.01 | May 19, 2017 | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. | ||
| CVE-2026-34002 | Med | 0.40 | 6.1 | 0.00 | May 5, 2026 | A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its… | ||
| CVE-2026-34000 | Med | 0.40 | 6.1 | 0.00 | May 5, 2026 | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a… | ||
| CVE-2017-2624 | Med | 0.38 | 5.9 | 0.01 | Jul 27, 2018 | It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is… | ||
| CVE-2026-50263 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure. | ||
| CVE-2026-50262 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists… | ||
| CVE-2026-4897 | Med | 0.36 | 5.5 | 0.00 | Mar 26, 2026 | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of… | ||
| CVE-2018-7452 | Med | 0.36 | 5.5 | 0.01 | Feb 24, 2018 | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | ||
| CVE-2017-14928 | Med | 0.36 | 5.5 | 0.01 | Sep 30, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | ||
| CVE-2017-14927 | Med | 0.36 | 5.5 | 0.01 | Sep 30, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | ||
| CVE-2017-14926 | Med | 0.36 | 5.5 | 0.01 | Sep 30, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | ||
| CVE-2017-14517 | Med | 0.36 | 5.5 | 0.01 | Sep 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | ||
| CVE-2017-9865 | Med | 0.36 | 5.5 | 0.02 | Jun 25, 2017 | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | ||
| CVE-2017-7515 | Med | 0.36 | 5.5 | 0.01 | Jun 6, 2017 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | ||
| CVE-2017-7511 | Med | 0.36 | 5.5 | 0.01 | May 30, 2017 | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | ||
| CVE-2017-6355 | Med | 0.36 | 5.5 | 0.00 | Mar 10, 2017 | Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access. | ||
| CVE-2026-1940 | Med | 0.33 | 5.1 | 0.00 | Mar 23, 2026 | An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd… | ||
| CVE-2017-13721 | Med | 0.31 | 4.7 | 0.00 | Oct 10, 2017 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | ||
| CVE-2014-3477 | Med | 0.26 | 4.0 | 0.00 | Jul 1, 2014 | The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service… | ||
| CVE-2026-35094 | Low | 0.21 | 3.3 | 0.00 | Apr 1, 2026 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system… | ||
| CVE-2025-52968 | Low | 0.18 | 2.7 | 0.00 | Jun 23, 2025 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange… | ||
| CVE-2018-19788 | 0.05 | — | 0.11 | Dec 3, 2018 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |||
| CVE-2004-0084 | 0.05 | — | 0.25 | Mar 3, 2004 | Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than… | |||
| CVE-2004-0083 | 0.05 | — | 0.21 | Mar 3, 2004 | Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. | |||
| CVE-2002-1317 | 0.05 | — | 0.24 | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | |||
| CVE-1999-0526 | 0.05 | — | 0.21 | Jul 1, 1997 | An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. | |||
| CVE-2019-14378 | 0.04 | — | 0.17 | Jul 29, 2019 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. |
- risk 0.49cvss 7.5epss 0.02
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
- risk 0.49cvss 7.5epss 0.01
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different…
- risk 0.49cvss 7.5epss 0.02
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
- risk 0.49cvss 7.5epss 0.02
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be…
- risk 0.49cvss 7.5epss 0.03
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker…
- risk 0.49cvss 7.5epss 0.04
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as…
- risk 0.49cvss 7.5epss 0.02
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
- risk 0.49cvss 7.5epss 0.03
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
- risk 0.49cvss 7.5epss 0.03
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
- risk 0.49cvss 7.5epss 0.02
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
- risk 0.48cvss 7.4epss 0.01
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
- risk 0.48cvss 7.3epss 0.03
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,…
- risk 0.47cvss 7.3epss 0.00
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash,…
- risk 0.47cvss 7.3epss 0.00
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…
- risk 0.47cvss 7.3epss 0.01
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…
- risk 0.47cvss 7.3epss 0.01
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…
- risk 0.46cvss 7.1epss 0.00
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X…
- risk 0.46cvss 7.1epss 0.00
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This…
- risk 0.44cvss 7.8epss 0.00
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
- risk 0.43cvss 6.5epss 0.04
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
- risk 0.42cvss 6.5epss 0.02
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
- risk 0.42cvss 6.5epss 0.02
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.01
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.01
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
- risk 0.40cvss 6.1epss 0.00
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its…
- risk 0.40cvss 6.1epss 0.00
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a…
- risk 0.38cvss 5.9epss 0.01
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is…
- risk 0.36cvss 5.5epss 0.00
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
- risk 0.36cvss 5.5epss 0.00
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…
- risk 0.36cvss 5.5epss 0.00
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of…
- risk 0.36cvss 5.5epss 0.01
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
- risk 0.36cvss 5.5epss 0.01
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.02
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
- risk 0.36cvss 5.5epss 0.01
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
- risk 0.36cvss 5.5epss 0.01
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
- risk 0.36cvss 5.5epss 0.00
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
- risk 0.33cvss 5.1epss 0.00
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd…
- risk 0.31cvss 4.7epss 0.00
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
- risk 0.26cvss 4.0epss 0.00
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service…
- risk 0.21cvss 3.3epss 0.00
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system…
- risk 0.18cvss 2.7epss 0.00
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange…
- CVE-2018-19788Dec 3, 2018risk 0.05cvss —epss 0.11
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- CVE-2004-0084Mar 3, 2004risk 0.05cvss —epss 0.25
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than…
- CVE-2004-0083Mar 3, 2004risk 0.05cvss —epss 0.21
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
- CVE-2002-1317Dec 11, 2002risk 0.05cvss —epss 0.24
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
- CVE-1999-0526Jul 1, 1997risk 0.05cvss —epss 0.21
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
- CVE-2019-14378Jul 29, 2019risk 0.04cvss —epss 0.17
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Page 2 of 8