X.Org Xorg-Server vulnerabilities
124 known vulnerabilities affecting x.org/xorg-server.
Total CVEs: 124
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 21, HIGH 58, MEDIUM 38, LOW 7
Vulnerabilities
Page 5 of 7
CVE-2025-49176 | P3 | HIGH | CVSS 7.3 | Affected: ≥ 0, < 2:1.20.11-1+deb11u16; ≥ 0, < 2:21.1.7-3+deb12u10; +1 more | Published: 2025-06-17 | Source: osv
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

CVE-2014-8092 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.

CVE-2014-8100 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryP

CVE-2017-10972 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.19.3-2 | Published: 2017-07-06 | Source: osv
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

CVE-2014-8102 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.

CVE-2014-8101 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty

CVE-2014-8093 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDisp

CVE-2017-13723 | P3 | HIGH | CVSS 7.8 | Affected: ≥ 0, < 2:1.19.4-1 | Published: 2017-10-10 | Source: osv
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

CVE-2014-8103 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabi

CVE-2015-3418 | P4 | HIGH | CVSS 7.5 | Affected: ≥ 0, < 2:1.16.4-1 | Published: 2016-12-13 | Source: osv
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

CVE-2014-8096 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.

CVE-2014-8097 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.

CVE-2014-8094 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.16.2.901-1 | Published: 2014-12-10 | Source: osv
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

CVE-2011-4029 | P4 | LOW | CVSS 1.9 | PoC | Affected: ≥ 0, < 2:1.11.1.901-2 | Published: 2012-07-03 | Source: osv
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

CVE-2013-4396 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.14.3-4 | Published: 2013-10-10 | Source: osv
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

CVE-2022-3551 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:1.20.11-1+deb11u3; ≥ 0, < 2:21.1.4-3 | Published: 2022-10-17 | Source: osv
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

CVE-2022-3553 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 0, < 2:21.1.4-1 | Published: 2022-10-17 | Source: osv
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.

CVE-2025-49177 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 0, < 2:21.1.7-3+deb12u10; ≥ 0, < 2:21.1.16-1.2 | Published: 2025-06-17 | Source: osv
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2015-0255 | P4 | MEDIUM | CVSS 6.4 | Affected: ≥ 0, < 2:1.16.4-1 | Published: 2015-02-13 | Source: osv
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

CVE-2008-1379 | P4 | MEDIUM | CVSS 6.8 | Affected: ≥ 0, < 2:1.4.1~git20080517-2 | Published: 2008-06-16 | Source: osv
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.