CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 4CVE-2021-31535 – libX11: missing request length checks
https://notcve.org/view.php?id=CVE-2021-31535
21 May 2021 — LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests a... • https://packetstorm.news/files/id/162737 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 1CVE-2007-2437 – X.Org X Window System Xserver 1.3 - XRender Extension Divide by Zero Denial of Service
https://notcve.org/view.php?id=CVE-2007-2437
02 May 2007 — The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. La extensión X render (Xrender) en X.org X Window System 7.0, 7.1, y 7.2, con Xserver 1.3.0 y anteriores, permite a usuarios remotos validados provocar denegación de servicio (caida de demonio) a... • https://www.exploit-db.com/exploits/29939 •