X.org Xorg-Server Security Vulnerabilities
xorg-x11-server before 1.19.5 was missing length validation in the XFIXES extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2018-01-24
xorg-x11-server before 1.19.5 was missing length validation in the XINERAMA extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2018-01-24
xorg-x11-server before 1.19.5 was missing length validation in the MIT-SCREEN-SAVER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2018-01-24
xorg-x11-server before 1.19.5 was missing length validation in the X-Resource extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.008; Published: 2018-01-24
xorg-x11-server before 1.19.5 was missing length validation in the RENDER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2018-01-24
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
CVSS Score: 4.7; EPSS Score: 0.001; Published: 2017-10-10
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems, by injecting large or malformed XKB-related atoms and accessing them via xkbcomp.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-10-10
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
CVSS Score: 8.8; EPSS Score: 0.025; Published: 2017-07-06
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
CVSS Score: 6.5; EPSS Score: 0.006; Published: 2017-07-06
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2016-12-13

