CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-10164 – libXpm: Out-of-bounds write in XPM extension parsing
https://notcve.org/view.php?id=CVE-2016-10164
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. Desbordamientos múltiples de entero en libXpm en versiones anteriores a 3.5.12, cuando un programa solicita interpretar extensiones XPM en una plataforma 64-bit, permiten a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o ejecutar código arbitrario a través de (1) el número de extensiones o (2) su longitud concatenada en un archivo XPM manipulado, que desencadena un desbordamiento de búfer basado en memoria dinámica. An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file. • http://www.debian.org/security/2017/dsa-3772 http://www.openwall.com/lists/oss-security/2017/01/22/2 http://www.openwall.com/lists/oss-security/2017/01/25/7 http://www.securityfocus.com/bid/95785 https://access.redhat.com/errata/RHSA-2017:1865 https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185 https://lists.freedesktop.org/archives/xorg/2016-December/058537.html https://security.gentoo.org/glsa/201701-72 https://access.redhat.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3418
https://notcve.org/view.php?id=CVE-2015-3418
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. La función ProcPutImage en dix/dispatch.c en X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.4 permite a atacantes provocar una denegación de servicio (división por cero y caída) a través de una solicitud PutImage de altura cero. • http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74328 https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b https://lists.x.org/archives/xorg-announce/2015-February/002532.html https://security.gentoo.org/glsa/201701-64 • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-7943
https://notcve.org/view.php?id=CVE-2016-7943
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. La función XListFonts en X.org libX11 en versiones anteriores a 1.6.4 podría permitir a servidores remotos X obtener privilegios a través de vectores que involucran campos de longitud, que desencadena operaciones de escritura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93362 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7 https://lists.x.org/archives/xorg-announce/2016-October/002720.html https://security.g • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-7944
https://notcve.org/view.php?id=CVE-2016-7944
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. Desbordamiento de entero en X.org libXfixes en versiones anteriores a 5.0.3 en plataformas 32-bit podría permitir a servidores remotos X obtener privilegios a través de un valor de longitud de INT_MAX, que desencadena que el cliente pare la lectura de datos y salga de la sincronización. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93361 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-7948
https://notcve.org/view.php?id=CVE-2016-7948
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. X.org libXrandr en versiones anteriores a 1.5.1 permite a servidores remotos X desencadenar operaciones de escritura fuera de límites aprovechando el manejo incorrecto de datos de respuesta. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93373 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-787: Out-of-bounds Write •