Mesa3D Mesa vulnerabilities

CVE-2026-40393 [HIGH] CWE-787 CVE-2026-40393: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

CVE-2023-45931 [HIGH] CWE-476 CVE-2023-45931: Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error s Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

CVE-2023-45913 [MEDIUM] CWE-476 CVE-2023-45913: Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawabl Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstr

CVE-2023-45919 [MEDIUM] CWE-126 CVE-2023-45919: Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is di Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

CVE-2023-45922 [MEDIUM] CWE-754 CVE-2023-45922: glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGe glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

CVE-2019-5068 [MEDIUM] CWE-277 CVE-2019-5068: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Gr An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

CVE-2013-1872 [MEDIUM] CVE-2013-1872: The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of ser The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.

CVE-2013-1993 [MEDIUM] CWE-189 CVE-2013-1993: Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allo Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

CVE-2012-5129 [HIGH] CVE-2012-5129: Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23 Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.

CVE-2012-2864 [CRITICAL] CVE-2012-2864: Mesa, as used in Google Chrome before 21 Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."