Xfree86 Project X11R6 vulnerabilities
25 known vulnerabilities affecting xfree86_project/x11r6.
Total CVEs
25
CISA KEV
0
Public exploits
9
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH16MEDIUM5LOW1
Vulnerabilities
Page 1 of 2
CVE-2004-0084P3CRITICALCVSS 10.0PoCv4.1.0v4.1.11+4 more2004-03-03
CVE-2004-0084 [CRITICAL] CVE-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
nvd
CVE-2002-1317P3HIGHCVSS 7.5PoCv3.3v3.3.2+3 more2002-12-11
CVE-2002-1317 [HIGH] CVE-2002-1317: Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allow
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
nvd
CVE-2004-0083P3CRITICALCVSS 10.0PoCv4.1.0v4.1.11+4 more2004-03-03
CVE-2004-0083 [CRITICAL] CVE-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users an
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
nvd
CVE-2001-1086P4HIGHCVSS 7.5PoCv3.3v3.3.32001-07-04
CVE-2001-1086 [HIGH] CVE-2001-1086: XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled w
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
nvd
CVE-2001-1178P4HIGHCVSS 7.2PoCv3.3.22001-07-11
CVE-2001-1178 [HIGH] CVE-2001-1178: Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variabl
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
nvd
CVE-2007-1351P3HIGHCVSS 8.5v4.3.0v4.3.0.1+1 more2007-04-06
CVE-2007-1351 [HIGH] CWE-189 CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 2007040
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
nvd
CVE-2004-0687P3HIGHCVSS 7.5v3.3.6v4.0+9 more2004-10-20
CVE-2004-0687 [HIGH] CVE-2004-0687: Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in cre
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
nvd
CVE-2004-0688P3HIGHCVSS 7.5v3.3.6v4.0+9 more2004-10-20
CVE-2004-0688 [HIGH] CVE-2004-0688: Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmI
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
nvd
CVE-2000-0504P4MEDIUMCVSS 5.0PoCv3.3.3v3.3.4+3 more2000-06-19
CVE-2000-0504 [MEDIUM] CVE-2000-0504: libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value w
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
nvd
CVE-2000-0453P4MEDIUMCVSS 5.0PoCv3.3.5v3.3.6+1 more2000-05-18
CVE-2000-0453 [MEDIUM] CVE-2000-0453: XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a m
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
nvd
CVE-2000-0476P4MEDIUMCVSS 5.0PoCv3.3.3v4.02000-06-01
CVE-2000-0476 [MEDIUM] CVE-2000-0476: xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape ch
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
nvd
CVE-1999-0433P4MEDIUMCVSS 4.6PoCv3.3.31999-03-21
CVE-1999-0433 [MEDIUM] CVE-1999-0433: XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in re
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
nvd
CVE-2004-0914P4CRITICALCVSS 10.0v3.3v3.3.2+14 more2005-01-10
CVE-2004-0914 [CRITICAL] CVE-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, inc
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (a
nvd
CVE-2003-0730P4HIGHCVSS 7.5v4.2.1v4.3.02003-10-20
CVE-2003-0730 [HIGH] CVE-2003-0730: Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers t
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
nvd
CVE-2005-0605P4HIGHCVSS 7.5v3.3v3.3.2+16 more2005-03-02
CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
nvd
CVE-2003-0063P4HIGHCVSS 7.3v4.0v4.0.1+4 more2003-03-03
CVE-2003-0063 [HIGH] CVE-2003-0063: The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
nvd
CVE-2004-0094P4HIGHCVSS 7.5v4.1.0v4.1.11+4 more2004-03-15
CVE-2004-0094 [HIGH] CVE-2004-0094: Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and p
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
nvd
CVE-2004-0093P4HIGHCVSS 7.5v4.1.0v4.1.11+4 more2004-03-15
CVE-2004-0093 [HIGH] CVE-2004-0093: XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary co
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
nvd
CVE-2002-1472P4HIGHCVSS 7.2v4.1.0v4.2.02003-03-03
CVE-2002-1472 [HIGH] CVE-2002-1472: Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs,
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
nvd
CVE-2000-0285P4HIGHCVSS 7.2v3.3.6v4.02000-04-16
CVE-2000-0285 [HIGH] CVE-2000-0285: Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
nvd
1 / 2Next →