CVSS: 9.8EPSS: 7%CPEs: 45EXPL: 0CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
06 Apr 2007 — Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un de... • http://issues.foresightlinux.org/browse/FL-223 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 82EXPL: 0CVE-2005-0605 – libxpm buffer overflow
https://notcve.org/view.php?id=CVE-2005-0605
02 Mar 2005 — scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2004-0914 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0914
15 Dec 2004 — Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candida... • http://rhn.redhat.com/errata/RHSA-2004-537.html •
CVSS: 8.8EPSS: 16%CPEs: 23EXPL: 0CVE-2004-0688 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0688
24 Sep 2004 — Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de imagen XPM malformado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 •
CVSS: 9.8EPSS: 19%CPEs: 23EXPL: 1CVE-2004-0687 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0687
24 Sep 2004 — Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código de su elección mediante una imagen XPM malfo... • https://packetstorm.news/files/id/170620 •
CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 0CVE-2004-0419
https://notcve.org/view.php?id=CVE-2004-0419
03 Jun 2004 — XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. XDM en XFree86 abre una un socket TCP chooserFd incluso cuando DisplayManger.requestPort es 0, lo que podría permitir a atacantes remotos conectar al puerto, violando las restricciones pretendidas. • http://bugs.xfree86.org/show_bug.cgi?id=1376 •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2004-0093
https://notcve.org/view.php?id=CVE-2004-0093
15 Mar 2004 — XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un índice de un array fuera de límites cuando usa la extenesión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2004-0094
https://notcve.org/view.php?id=CVE-2004-0094
15 Mar 2004 — Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario cuando se usa la extensión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2004-0106
https://notcve.org/view.php?id=CVE-2004-0106
16 Feb 2004 — Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. Múltiples vulnerabilidades desconocidas en XFree86 4.1.0 to 4.3.0 relacionadas con el manejo inapropiado de ficheros de fuentes, un grupo de vulnerabilidades diferente de CAN-2004-0083. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 2CVE-2004-0083 – XFree86 4.3 - Font Information File Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0083
14 Feb 2004 — Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. Desbordamiento de búfer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar código arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN... • https://www.exploit-db.com/exploits/23682 •