CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1803 – libXfont: crash on invalid read in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1803
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no maneja adecuadamente caracteres bitmaps que no se pueden leer, lo que permite a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero NULO y caída) y la posibilidad de ejecutar código arbitrario a través de un archivo de fuente BDF. A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-1708.html http://www.debian& • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 6%CPEs: 4EXPL: 0CVE-2015-0255 – xorg-x11-server: information leak in the XkbSetGeometry request of X servers
https://notcve.org/view.php?id=CVE-2015-0255
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (caída) a través de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry. A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. • http://advisories.mageia.org/MGASA-2015-0073.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html http://rhn.redhat.com/errata/RHSA-2015-0797.html http://www.debian.org/security/2015/dsa-3160 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html ht • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8096 – xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension
https://notcve.org/view.php?id=CVE-2014-8096
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. La función SProcXCMiscGetXIDList en la extensión XC-MISC en X.Org X Window System (también conocido como X11 o X) X11R6.0 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de una longitud manipulada o un valor de indice manipulado. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71598& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2014-8097 – xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension
https://notcve.org/view.php?id=CVE-2014-8097
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. La extensión DBE en X.Org X Window System (también conocido como X11 o X) X11R6.1 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de una longitud manipulada o valor de indice manipulado en la función (1) ProcDbeSwapBuffers o (2) SProcDbeSwapBuffers. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71604& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8095 – xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension
https://notcve.org/view.php?id=CVE-2014-8095
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. La extensión XInput en X.Org X Window System (también conocido como X11 o X) X11R4 y X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de un valor de longitud o índice manipulado a la función (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus o (27) SProcXIWarpPointer. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71599& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •