Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libx11
(X\.org)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-03-24 | CVE-2007-1667 | Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. | Ubuntu_linux, Debian_linux, Libx11 | N/A | ||
| 2006-11-03 | CVE-2006-5397 | The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. | Libx11 | N/A | ||
| 2016-12-13 | CVE-2016-7942 | The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | Fedora, Libx11 | 9.8 | ||
| 2016-12-13 | CVE-2016-7943 | The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | Fedora, Libx11 | 9.8 | ||
| 2018-08-24 | CVE-2018-14598 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | Ubuntu_linux, Debian_linux, Fedora, Libx11 | 7.5 | ||
| 2018-08-24 | CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Libx11 | 9.8 | ||
| 2018-08-24 | CVE-2018-14600 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | Ubuntu_linux, Debian_linux, Libx11 | 9.8 | ||
| 2018-08-24 | CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | Ubuntu_linux, Debian_linux, Fedora, Libx11 | 9.8 | ||
| 2018-08-24 | CVE-2018-14598 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | Ubuntu_linux, Debian_linux, Fedora, Libx11 | 7.5 | ||
| 2015-04-16 | CVE-2013-7439 | Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. | Ubuntu_linux, Debian_linux, Libx11, X11 | N/A |