867 matches found

RedHat Linux
added 2025/07/07 2:26 a.m., 2 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8, AI score 6, EPSS 0.00287
Exploits 0, References 5

RedHat Linux
added 2025/07/07 2:2 a.m., 4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8, AI score 6, EPSS 0.00287
Exploits 0, References 5

RedHat Linux
added 2025/07/07 1:26 a.m., 6 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8, AI score 6, EPSS 0.00287
Exploits 0, References 5

RedHat Linux
added 2025/07/02 4:33 p.m., 5 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVSS 6.1, AI score 5.7, EPSS 0.00364
Exploits 0, References 6

BDU FSTEC
added 2025/06/19 12:0 a.m., 4 views

The vulnerability of the RecordSanityCheckRegisterClients() function on the X Window System Xorg-server allows a hacker to trigger a service failure.

The vulnerability of the RecordSanityCheckRegisterClients function in the X Window System Xorg-server is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 6.6, AI score 7.2, EPSS 0.00279
Exploits 0, References 13, Affected Software 7

Gentoo Linux
added 2025/06/12 12:0 a.m., 6 views

X.Org X server, XWayland: Multiple Vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...

CVSS 7.8, AI score 7.6, EPSS 0.00474
Exploits 0

RedhatCVE
added 2025/05/22 11:13 p.m., 2 views

CVE-2022-34568

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDLx11yuv.c...

CVSS 7.5, AI score 7.3, EPSS 0.0095
Exploits 1, References 1

RedHat Linux
added 2025/05/13 4:3 p.m., 2 views

xorg: xwayland: Heap overflow in XkbWriteKeySyms()

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms differs from what is written in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...

CVSS 7.8, AI score 6.2, EPSS 0.0039
Exploits 0, References 4

RedHat Linux
added 2025/05/13 4:3 p.m., 3 views

xorg: xwayland: Use of uninitialized pointer in compRedirectWindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...

CVSS 7.8, AI score 5.7, EPSS 0.0036
Exploits 0, References 4

RedHat Linux
added 2025/05/13 4:3 p.m., 3 views

X.Org: Xwayland: Use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...

CVSS 7.8, AI score 5.7, EPSS 0.0035
Exploits 0, References 4

RedHat Linux
added 2025/05/13 8:28 a.m., 4 views

xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability

A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...

CVSS 7.8, AI score 6, EPSS 0.00894
Exploits 0, References 4

RedHat Linux
added 2025/05/13 8:28 a.m., 5 views

xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

CVSS 7.8, AI score 6, EPSS 0.00474
Exploits 0, References 4

RedHat Linux
added 2025/05/13 8:28 a.m., 3 views

Moderate: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8, AI score 7.3, EPSS 0.00894
Exploits 0, References 11

AlmaLinux
added 2025/05/13 12:0 a.m., 5 views

Low: xterm security update

The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fixes: xterm: code execution via OSC 50 input sequences (CVE-2022-45063). For more details about the securi...

CVSS 9.8, AI score 7.3, EPSS 0.04949
Exploits 1, References 4

OSV
added 2025/05/13 12:0 a.m., 6 views

ALSA-2025:7427 Low: xterm security update

The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fixes: xterm: code execution via OSC 50 input sequences (CVE-2022-45063). For more details about the securi...

CVSS 9.8, AI score 7.2, EPSS 0.04949
Exploits 1, References 4

OpenVAS
added 2025/05/07 12:0 a.m., 4 views

Do Not Install the X Window System

The X Window System (X for short) provides a GUI for users to log in and perform operations in Linux. Generally, servers do not require a GUI. Administrators can configure and modify a server through the CLI. X SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a...

AI score 6.9
Exploits 0, References 4

RedHat Linux
added 2025/04/17 6:39 a.m., 5 views

Xorg: xwayland: Buffer overflow in XkbVModMaskText()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

CVSS 7.8, AI score 7.3, EPSS 0.0039
Exploits 0, References 4

BDU FSTEC
added 2025/04/14 12:0 a.m., 3 views

The vulnerability of the compRedirectWindow() function in the Wayland protocol for X.Org XWayland, which is implemented in the X Window System X.Org Server, allows an attacker to execute arbitrary code.

The vulnerability of the compRedirectWindow function in the Wayland protocol for X.Org XWayland, which is part of the X Window System X.Org Server, relates to access to an uninitialized pointer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.6, EPSS 0.0036
Exploits 0, References 17, Affected Software 14

BDU FSTEC
added 2025/04/09 12:0 a.m., 1 view

The vulnerability in the dix/devices.c component of the X Window System X.Org Server allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the dix/devices.c component in the X Window System X.Org Server implementation is related to improper resource locking. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 7.7, AI score 7.2, EPSS 0.00291
Exploits 0, References 8, Affected Software 3

OSV
added 2025/03/17 8:51 a.m., 2 views

USN-7299-4 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 regression

USN-7299-2 fixed vulnerabilities in X.Org X Server. This fix caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the regression and re-applies the fix for the CVE listed. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org...

CVSS 7.8, AI score 7.3, EPSS 0.00474
Exploits 0, References 10