Xorg
Products by Xorg Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2022 there have been 0 vulnerabilities in Xorg . Last year Xorg had 8 security vulnerabilities published. Right now, Xorg is on track to have less security vulnerabilities in 2022 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 8 | 7.95 |
| 2020 | 8 | 7.38 |
| 2019 | 1 | 7.80 |
| 2018 | 4 | 8.43 |
It may take a day or so for new Xorg vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xorg Security Vulnerabilities
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14
CVE-2021-4008
7.8 - High
- December 17, 2021
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14
CVE-2021-4009
7.8 - High
- December 17, 2021
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14
CVE-2021-4010
7.8 - High
- December 17, 2021
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14
CVE-2021-4011
7.8 - High
- December 17, 2021
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code
CVE-2021-31535
9.8 - Critical
- May 27, 2021
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
Classic Buffer Overflow
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients
CVE-2020-25697
7 - High
- May 26, 2021
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
Missing Authentication for Critical Function
A flaw was found in xorg-x11-server in versions before 1.20.11
CVE-2021-3472
7.8 - High
- April 26, 2021
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Integer underflow
A flaw was found in the X.Org Server before version 1.20.10
CVE-2020-14360
7.8 - High
- January 20, 2021
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
A flaw was found in xorg-x11-server before 1.20.10
CVE-2020-25712
7.8 - High
- December 15, 2020
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Heap-based Buffer Overflow
A flaw was found in X.Org Server before xorg-x11-server 1.20.9
CVE-2020-14362
7.8 - High
- September 15, 2020
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Integer underflow
A flaw was found in X.Org Server before xorg-x11-server 1.20.9
CVE-2020-14361
7.8 - High
- September 15, 2020
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Integer underflow
A flaw was found in xorg-x11-server before 1.20.9
CVE-2020-14346
7.8 - High
- September 15, 2020
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Integer underflow
A flaw was found in X.Org Server before xorg-x11-server 1.20.9
CVE-2020-14345
7.8 - High
- September 15, 2020
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
An integer overflow vulnerability leading to a double-free was found in libX11
CVE-2020-14363
7.8 - High
- September 11, 2020
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
Integer Overflow or Wraparound
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10
CVE-2020-14344
6.7 - Medium
- August 05, 2020
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Integer Overflow or Wraparound
A flaw was found in the way xserver memory was not properly initialized
CVE-2020-14347
5.5 - Medium
- August 05, 2020
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Improper Initialization
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap
CVE-2019-17624
7.8 - High
- October 16, 2019
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
Memory Corruption
A flaw was found in xorg-x11-server before 1.20.3
CVE-2018-14665
6.6 - Medium
- October 25, 2018
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
AuthZ
An issue was discovered in libX11 through 1.6.5
CVE-2018-14600
9.8 - Critical
- August 24, 2018
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Memory Corruption
An issue was discovered in libX11 through 1.6.5
CVE-2018-14599
9.8 - Critical
- August 24, 2018
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
off-by-five
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5
CVE-2018-14598
7.5 - High
- August 24, 2018
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Improper Input Validation
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file
CVE-2011-4613
- February 05, 2014
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Permissions, Privileges, and Access Controls
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo
CVE-2013-6425
- January 18, 2014
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Numeric Errors
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org
CVE-2013-6424
- January 18, 2014
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Integer underflow
Multiple buffer overflows in X.org libXi 1.7.1 and earlier
CVE-2013-1998
- June 15, 2013
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
Buffer Overflow
X.org libXi 1.7.1 and earlier
CVE-2013-1995
- June 15, 2013
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
Buffer Overflow
Multiple integer overflows in X.org libXi 1.7.1 and earlier
CVE-2013-1984
- June 15, 2013
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
Numeric Errors
The LockServer function in os/utils.c in X.Org xserver before 1.11.2
CVE-2011-4028
- July 03, 2012
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
insecure temporary file
The LockServer function in os/utils.c in X.Org xserver before 1.11.2
CVE-2011-4029
- July 03, 2012
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
Race Condition