CLSA-2025-1757499160 Fix CVE(s): CVE-2025-5318

SECURITY UPDATE: out-of-bounds read in sftphandle function - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun issue by changing comparison operator in sftphandle function - CVE-2025-5318...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

USN-6587-5 xorg-server vulnerabilities

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty...

xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information...

xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information...

OESA-2023-1951 xorg-x11-server security update

X.Org X11 X server Security Fixes: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11...

AZL-32180 CVE-2023-6478 affecting package xorg-x11-server for versions less than 1.20.10-5

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information...

DEBIAN-CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information...

xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing f...

UBUNTU-CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing f...

xorg-x11-server: XIChangeProperty out-of-bounds access

A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs...

DEBIAN-CVE-2021-26957

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...

CVE-2018-11965

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties...