
X.Org Xorg-Server vulnerabilities

124 known vulnerabilities affecting x.org/xorg-server.

Total CVEs: 124
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 21, HIGH 58, MEDIUM 38, LOW 7

Vulnerabilities

Page 2 of 7

Each entry is listed as: CVE | priority | severity | CVSS score | PoC flag (where a public proof of concept exists) | affected version ranges | date
CVE-2017-12177 | P3 | CRITICAL | CVSS 9.8 | affected: ≥ 0, < 2:1.19.5-1 | 2018-01-24
xorg-x11-server before 1.19.5 was vulnerable to an integer overflow in the ProcDbeGetVisualInfo function, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Source: osv
CVE-2024-31083 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u13; ≥ 0, < 2:21.1.7-3+deb12u7; +1 more | 2024-04-05
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free…
Source: osv
CVE-2006-0745 | P4 | HIGH | CVSS 7.2 | PoC | affected: ≥ 0, < 1:1.0.2-1 | 2006-03-21
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treat the address of the geteuid function as if it were the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
Source: osv
CVE-2022-46342 | P3 | HIGH | CVSS 8.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u4; ≥ 0, < 2:21.1.5-1 | 2022-12-14
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server…
Source: osv
CVE-2023-6377 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.13-1ubuntu1~20.04.12; ≥ 0, < 2:21.1.4-2ubuntu1.7~22.04.5 | 2023-12-13
xorg-server, xwayland vulnerabilities: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-6377) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could…
Source: osv
CVE-2024-0229 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u11; ≥ 0, < 2:21.1.7-3+deb12u5; +1 more | 2024-02-09
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
Source: osv
CVE-2008-2362 | P3 | CRITICAL | CVSS 10.0 | affected: ≥ 0, < 2:1.4.1~git20080517-2 | 2008-06-16
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption…
Source: osv
CVE-2024-21885 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u11; ≥ 0, < 2:21.1.7-3+deb12u5; +1 more | 2024-02-28
A flaw was found in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
Source: osv
CVE-2010-4818 | P3 | HIGH | CVSS 8.5 | affected: ≥ 0, < 2:1.9.99.902-1 | 2012-09-05
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.
Source: osv
CVE-2024-21886 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u11; ≥ 0, < 2:21.1.7-3+deb12u5; +1 more | 2024-02-28
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
Source: osv
CVE-2022-2320 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u2; ≥ 0, < 2:21.1.4-1 | 2022-09-01
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
Source: osv
CVE-2007-6427 | P3 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2:1.4.1~git20080105-2 | 2008-01-18
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Source: osv
CVE-2023-6478 | P3 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2:1.15.1-0ubuntu2.11+esm9 | 2024-03-13
xorg-server vulnerabilities: USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6…
Source: osv
CVE-2025-26595 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u15; ≥ 0, < 2:21.1.7-3+deb12u9; +1 more | 2025-02-25
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
Source: osv
CVE-2025-26598 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u15; ≥ 0, < 2:21.1.7-3+deb12u9; +1 more | 2025-02-25
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Source: osv
CVE-2025-49180 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u16; ≥ 0, < 2:21.1.7-3+deb12u10; +1 more | 2025-06-17
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Source: osv
CVE-2025-62231 | P3 | HIGH | CVSS 7.3 | affected: ≥ 0, < 2:1.20.11-1+deb11u17; ≥ 0, < 2:21.1.7-3+deb12u11; +2 more | 2025-10-30
A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Source: osv
CVE-2007-5958 | P4 | MEDIUM | CVSS 5.0 | PoC | affected: ≥ 0, < 2:1.4.1~git20080105-2 | 2008-01-18
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
Source: osv
CVE-2007-5760 | P3 | CRITICAL | CVSS 9.3 | affected: ≥ 0, < 2:1.4.1~git20080105-2 | 2008-01-18
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
Source: osv
CVE-2022-4283 | P3 | HIGH | CVSS 7.8 | affected: ≥ 0, < 2:1.20.11-1+deb11u4; ≥ 0, < 2:21.1.5-1 | 2022-12-14
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Source: osv