CVE-2015-0255 — Sensitive Information Exposure in X Server

CWE-200 — Sensitive Information Exposure CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

6.4MEDIUMNVD

OSV5.0

EPSS

6.4%

top 8.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server Opensuse

Timeline

PublishedFeb 13

Latest updateMay 14

Description

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶Debianx.org/xorg-server< 2:1.16.4-1+3

▶Ubuntux.org/xorg-server< 2:1.15.1-0ubuntu2.7

▶NVDx.org/x_server1.16.3+1

▶NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: www.x.org ↗Patch: www.x.org ↗

🔴Vulnerability Details

GHSA

GHSA-qf46-p69c-vqm4: X↗2022-05-14

▶

OSV

vnc4 vulnerabilities↗2021-03-15

▶

OSV

xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities↗2015-02-17

▶

CVEList

CVE-2015-0255: X↗2015-02-13

▶

OSV

CVE-2015-0255: X↗2015-02-13

▶

📋Vendor Advisories

Ubuntu

VNC4 vulnerabilities↗2021-03-15

▶

Ubuntu

X.Org X server vulnerabilities↗2015-02-17

▶

Red Hat

xorg-x11-server: information leak in the XkbSetGeometry request of X servers↗2015-02-10

▶

Debian

CVE-2015-0255: xorg-server - X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17....↗2015

▶

💬Community

Bugzilla

CVE-2015-0255 xorg-x11-server: information leak in the XkbSetGeometry request of X servers [fedora-all]↗2015-02-17

▶

Bugzilla

CVE-2015-0255 xorg-x11-server: information leak in the XkbSetGeometry request of X servers↗2015-02-04

▶