
X.Org Xorg-Server vulnerabilities

124 known vulnerabilities affecting x.org/xorg-server.

Total CVEs: 124
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 21, HIGH 58, MEDIUM 38, LOW 7

Vulnerabilities

Page 4 of 7
CVE-2022-2319 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u2 | ≥ 0, < 2:21.1.4-1 | 2022-09-01
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
osv
CVE-2020-14360 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.10-1 | 2021-01-20
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
osv
CVE-2025-26594 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u15 | ≥ 0, < 2:21.1.7-3+deb12u9 | +1 more | 2025-02-25
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
osv
CVE-2025-26600 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u15 | ≥ 0, < 2:21.1.7-3+deb12u9 | +1 more | 2025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
osv
CVE-2025-49179 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 2:1.20.11-1+deb11u16 | ≥ 0, < 2:21.1.7-3+deb12u10 | +1 more | 2025-06-17
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
osv
CVE-2020-14362 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.9-1 | 2020-09-15
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
osv
CVE-2025-26601 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u15 | ≥ 0, < 2:21.1.7-3+deb12u9 | +1 more | 2025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
osv
CVE-2024-31080 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 2:1.15.1-0ubuntu2.11+esm12 | ≥ 0, < 2:1.18.4-0ubuntu0.12+esm13 | +3 more | 2024-04-09
xorg-server, xwayland regression: USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discove
osv
CVE-2024-31081 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 2:1.20.11-1+deb11u13 | ≥ 0, < 2:21.1.7-3+deb12u7 | +1 more | 2024-04-04
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read h
osv
CVE-2025-62229 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 2:1.20.11-1+deb11u17 | ≥ 0, < 2:21.1.7-3+deb12u11 | +2 more | 2025-10-30
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
osv
CVE-2014-8098 | P3 | MEDIUM | CVSS 6.5 | ≥ 0, < 2:1.16.2.901-1 | 2014-12-10
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithRe
osv
CVE-2025-26599 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u15 | ≥ 0, < 2:21.1.7-3+deb12u9 | +1 more | 2025-02-25
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
osv
CVE-2024-0409 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.11-1+deb11u11 | ≥ 0, < 2:21.1.7-3+deb12u5 | +1 more | 2024-01-18
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
osv
CVE-2020-25712 | P3 | HIGH | CVSS 7.8 | ≥ 0, < 2:1.20.10-1 | 2020-12-15
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
osv
CVE-2007-6429 | P3 | CRITICAL | CVSS 9.3 | ≥ 0, < 2:1.4.1~git20080105-2 | 2008-01-18
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
osv
CVE-2024-31082 | P3 | HIGH | CVSS 7.3 | ≥ 0, < 2:1.20.11-1+deb11u13 | ≥ 0, < 2:21.1.7-3+deb12u7 | +1 more | 2024-04-04
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read
osv
CVE-2007-2437 | P4 | MEDIUM | CVSS 5.5 | PoC | ≥ 0, < 2:1.3.0.0.dfsg-4 | 2007-05-02
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
osv
CVE-2012-2118 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 2:1.12.1.902-1 | 2012-05-18
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
osv
CVE-2014-8095 | P3 | MEDIUM | CVSS 6.5 | ≥ 0, < 2:1.16.2.901-1 | 2014-12-10
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllo
osv
CVE-2014-8099 | P3 | MEDIUM | CVSS 6.5 | ≥ 0, < 2:1.16.2.901-1 | 2014-12-10
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcX
osv