Xorg

All CVEs

379 total · sorted by risk
  • CVE-2017-14975 · High · Oct 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

  • CVE-2017-14929 · High · Sep 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different…

  • CVE-2017-14519 · High · Sep 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).

  • CVE-2017-2818 · High · Jul 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be…

  • CVE-2017-2814 · High · Jul 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker…

  • CVE-2017-5843 · High · Feb 9, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as…

  • CVE-2016-7952 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

  • CVE-2016-7946 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

  • CVE-2016-7945 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

  • CVE-2015-3418 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

  • CVE-2026-50292 · High · Jun 4, 2026
    risk 0.48 · cvss 7.4 · epss 0.01

    In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties, leading to arbitrary root code execution.

  • CVE-2003-0063 · High · Mar 3, 2003
    risk 0.48 · cvss 7.3 · epss 0.03

    The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,…

  • CVE-2025-62229 · High · Oct 30, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash,…

  • CVE-2024-31082 · High · Apr 4, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2024-31081 · High · Apr 4, 2024
    risk 0.47 · cvss 7.3 · epss 0.01

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2024-31080 · High · Apr 4, 2024
    risk 0.47 · cvss 7.3 · epss 0.01

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a…

  • CVE-2017-13722 · High · Oct 11, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X…

  • CVE-2017-13720 · High · Oct 11, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This…

  • CVE-2025-49180 · High · Jun 17, 2025
    risk 0.44 · cvss 7.8 · epss 0.00

    A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

  • CVE-2017-9775 · Medium · Jun 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2017-10972 · Medium · Jul 6, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

  • CVE-2017-9408 · Medium · Jun 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9406 · Medium · Jun 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9083 · Medium · May 19, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

  • CVE-2026-34002 · Medium · May 5, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its…

  • CVE-2026-34000 · Medium · May 5, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a…

  • CVE-2017-2624 · Medium · Jul 27, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is…

  • CVE-2026-50263 · Medium · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

  • CVE-2026-50262 · Medium · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…

  • CVE-2026-4897 · Medium · Mar 26, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of…

  • CVE-2018-7452 · Medium · Feb 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2017-14928 · Medium · Sep 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

  • CVE-2017-14927 · Medium · Sep 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

  • CVE-2017-14926 · Medium · Sep 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

  • CVE-2017-14517 · Medium · Sep 17, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

  • CVE-2017-9865 · Medium · Jun 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

  • CVE-2017-7515 · Medium · Jun 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite, resulting in a potential denial of service.

  • CVE-2017-7511 · Medium · May 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

  • CVE-2017-6355 · Medium · Mar 10, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.

  • CVE-2026-1940 · Medium · Mar 23, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd…

  • CVE-2017-13721 · Medium · Oct 10, 2017
    risk 0.31 · cvss 4.7 · epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

  • CVE-2014-3477 · Medium · Jul 1, 2014
    risk 0.26 · cvss 4.0 · epss 0.00

    The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service…

  • CVE-2026-35094 · Low · Apr 1, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system…

  • CVE-2025-52968 · Low · Jun 23, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange…

  • CVE-2018-19788 · Dec 3, 2018
    risk 0.05 · cvss · epss 0.11

    A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

  • CVE-2004-0084 · Mar 3, 2004
    risk 0.05 · cvss · epss 0.25

    Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than…

  • CVE-2004-0083 · Mar 3, 2004
    risk 0.05 · cvss · epss 0.21

    Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

  • CVE-2002-1317 · Dec 11, 2002
    risk 0.05 · cvss · epss 0.24

    Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

  • CVE-1999-0526 · Jul 1, 1997
    risk 0.05 · cvss · epss 0.21

    An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

  • CVE-2019-14378 · Jul 29, 2019
    risk 0.04 · cvss · epss 0.17

    ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Page 2 of 8