Information disclosure in X.org X_server

CVE-2015-0255

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSe…

Vulnerability class: Information Disclosure

EPSS: 0.064 (91.2th percentile) — read the EPSS interpretation.

Affected products

X.org X_server — versions 1.17.0
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

openSUSE-SU-2015:0337 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
GLSA-201504-06 (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
72578 (vdb-entry, x_refsource_BID)
MDVSA-2015:119 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-3160 (vendor-advisory, x_refsource_DEBIAN)
USN-2500-1 (x_refsource_UBUNTU, vendor-advisory)