xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...
MiracleLinux 8 : xorg-x11-server-1.20.11-17.el8 (AXSA:2023-7237:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7237:09 advisory. xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability CVE-2023-1393 Tenable has extracted the preceding...
MiracleLinux 7 : xorg-x11-server-1.20.4-29.el7 (AXSA:2024-7672:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7672:03 advisory. xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in...
MiracleLinux 4 : xorg-x11-server-1.15.0-36.0.1.AXS4 (AXBA:2015-352:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2015-352:03 advisory. - The ProcPutImage function in dix/dispatch.c in X.Org Server aka xserver and xorg-server before 1.16.4 allows attackers to cause a denial of service...
[SECURITY] [DLA 4230-1] xorg-server security update
Debian LTS Advisory DLA-4230-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 25, 2025 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 5947-1] xorg-server security update
Debian Security Advisory DSA-5947-1 https://www.debian.org/security/ Salvatore Bonaccorso June 23, 2025 https://www.debian.org/security/faq ...
Slackware Linux 15.0 / current xorg-server Vulnerability (SSA:2025-169-02)
The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.18 / 21.1.4 / 24.1.8. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-169-02 advisory. New xorg-server packages are available for Slackware 15.0 and -current to fix a security issue...
Slackware Linux 15.0 / current xorg-server Vulnerability (SSA:2024-304-04)
The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.14 / 21.1.4 / 24.1.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-304-04 advisory. New xorg-server packages are available for Slackware 15.0 and -current to fix security issues...
Debian dsa-5800 : xnest - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5800 advisory. Debian Security Advisory DSA-5800-1 https://www.debian.org/security/...
ROS-20250117-02
The vulnerability in the xorg-server package is related to crafted requests to RRChangeProviderProperty or RRChangeOutputProperty causing an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to disclose sensitive...
AZL-39172 CVE-2024-31081 affecting package xorg-x11-server for versions less than 1.20.10-11
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
Important: xorg-x11-server
Issue Overview: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...
PT-2023-8962 · Unknown +10 · Xorg-Server +10
Name of the Vulnerable Software and Affected Versions: xorg-server (affected versions not specified). Description: A flaw was found in xorg-server, where a specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow, potentially leading to the...
Use-After-Free
xorg-server is vulnerable to Use-After-Free. The vulnerability is triggered by warping the pointer between screens during shutdown or reset which could allow attackers to escalate privileges or crash the server...
xorg-x11-server: XIChangeProperty out-of-bounds access
A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs...
USN-5846-1 xorg-server, xorg-server-hwe-18.04, xwayland vulnerability
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges...
DEBIAN-CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local...