X.Org Xorg-Server vulnerabilities
124 known vulnerabilities affecting x.org/xorg-server.
Total CVEs: 124
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 21, HIGH 58, MEDIUM 38, LOW 7
Vulnerabilities
Page 3 of 7
CVE-2023-0494 | HIGH | CVSS 7.8 | P3 | published 2023-03-27
Affected: ≥ 0, < 2:1.20.11-1+deb11u5; ≥ 0, < 2:21.1.7-1
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Source: osv
CVE-2024-9632 | HIGH | CVSS 7.8 | P3 | published 2024-10-30
Affected: ≥ 0, < 2:1.20.11-1+deb11u14; ≥ 0, < 2:21.1.7-3+deb12u8; and 1 more range
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
Source: osv
CVE-2025-26597 | HIGH | CVSS 7.8 | P3 | published 2025-02-25
Affected: ≥ 0, < 2:1.20.11-1+deb11u15; ≥ 0, < 2:21.1.7-3+deb12u9; and 1 more range
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
Source: osv
CVE-2006-6102 | CRITICAL | CVSS 10.0 | P3 | published 2006-12-31
Affected: ≥ 0, < 2:1.1.1-15
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
Source: osv
CVE-2021-3472 | HIGH | CVSS 7.8 | P3 | published 2021-04-26
Affected: ≥ 0, < 2:1.20.11-1
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2020-14346 | HIGH | CVSS 7.8 | P3 | published 2020-09-02
Affected: ≥ 0, < 2:1.18.4-0ubuntu0.9; ≥ 0, < 2:1.19.6-1ubuntu4.5; and 1 more range
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain
Source: osv
CVE-2023-5367 | HIGH | CVSS 7.8 | P3 | published 2023-10-31
Affected: ≥ 0, < 2:1.15.1-0ubuntu2.11+esm8; ≥ 0, < 2:1.18.4-0ubuntu0.12+esm6; and 1 more range
xorg-server vulnerabilities
USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (
Source: osv
CVE-2020-14345 | HIGH | CVSS 7.8 | P3 | published 2020-09-15
Affected: ≥ 0, < 2:1.20.9-1
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2021-4010 | HIGH | CVSS 7.8 | P3 | published 2021-12-17
Affected: ≥ 0, < 2:1.20.11-1+deb11u1; ≥ 0, < 2:1.20.13-3
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2021-4009 | HIGH | CVSS 7.8 | P3 | published 2021-12-17
Affected: ≥ 0, < 2:1.20.11-1+deb11u1; ≥ 0, < 2:1.20.13-3
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2021-4008 | HIGH | CVSS 7.8 | P3 | published 2021-12-17
Affected: ≥ 0, < 2:1.20.11-1+deb11u1; ≥ 0, < 2:1.20.13-3
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2021-4011 | HIGH | CVSS 7.8 | P3 | published 2021-12-17
Affected: ≥ 0, < 2:1.20.11-1+deb11u1; ≥ 0, < 2:1.20.13-3
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv
CVE-2025-26596 | HIGH | CVSS 7.8 | P3 | published 2025-02-25
Affected: ≥ 0, < 2:1.20.11-1+deb11u15; ≥ 0, < 2:21.1.7-3+deb12u9; and 1 more range
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
Source: osv
CVE-2008-2360 | CRITICAL | CVSS 9.0 | P3 | published 2008-06-16
Affected: ≥ 0, < 2:1.4.1~git20080517-2
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
Source: osv
CVE-2022-49737 | HIGH | CVSS 7.7 | P3 | published 2025-03-16
Affected: ≥ 0, < 2:21.1.16-1.1
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.
Source: osv
CVE-2008-1377 | CRITICAL | CVSS 9.0 | P3 | published 2008-06-16
Affected: ≥ 0, < 2:1.4.1~git20080517-2
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted le
Source: osv
CVE-2025-62230 | HIGH | CVSS 7.3 | P3 | published 2025-10-30
Affected: ≥ 0, < 2:1.20.11-1+deb11u17; ≥ 0, < 2:21.1.7-3+deb12u11; and 2 more ranges
A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Source: osv
CVE-2008-0006 | HIGH | CVSS 7.5 | P3 | published 2008-01-18
Affected: ≥ 0, < 2:1.4.1~git20080105-2
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Source: osv
CVE-2007-1003 | CRITICAL | CVSS 9.0 | P3 | published 2007-04-06
Affected: ≥ 0, < 2:1.1.1-21
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
Source: osv
CVE-2020-14361 | HIGH | CVSS 7.8 | P3 | published 2020-09-15
Affected: ≥ 0, < 2:1.20.9-1
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to a heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: osv