Invisible Island Xterm
By the Year
In 2024 there have been 0 vulnerabilities in Invisible Island Xterm . Last year Xterm had 1 security vulnerability published. Right now, Xterm is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 2 | 7.65 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Xterm vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Invisible Island Xterm Security Vulnerabilities
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e
CVE-2023-40359
9.8 - Critical
- August 14, 2023
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.
xterm before 375 allows code execution via font ops, e.g
CVE-2022-45063
9.8 - Critical
- November 10, 2022
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
Command Injection
xterm through Patch 370, when Sixel support is enabled
CVE-2022-24130
5.5 - Medium
- January 31, 2022
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Classic Buffer Overflow
xterm before Patch #366
CVE-2021-27135
9.8 - Critical
- February 10, 2021
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CRLF injection vulnerability in xterm
CVE-2008-2383
- January 02, 2009
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Invisible Island Xterm or by Invisible Island? Click the Watch button to subscribe.
