X.org X_server
26 CVEs affecting X.org X_server. Latest disclosed: 2026-05-05. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-10971 | High | 8.8 | 2017-07-06 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack… |
CVE-2025-26597 | High | 7.8 | 2025-02-25 | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave… |
CVE-2017-13723 | High | 7.8 | 2017-10-10 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of… |
CVE-2015-3418 | High | 7.5 | 2016-12-13 | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-b… |
CVE-2017-10972 | Medium | 6.5 | 2017-07-06 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access pote… |
CVE-2026-34002 | Medium | 6.1 | 2026-05-05 | A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker wi… |
CVE-2026-34000 | Medium | 6.1 | 2026-05-05 | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `Xkb… |
CVE-2017-13721 | Medium | 4.7 | 2017-10-10 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause abor… |
CVE-2015-3164 | | 2015-07-01 | The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or sen… | |
CVE-2015-0255 | | 2015-02-13 | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory o… | |
CVE-2014-8103 | | 2014-12-10 | X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds re… | |
CVE-2014-8102 | | 2014-12-10 | The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-s… | |
CVE-2014-8101 | | 2014-12-10 | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote… | |
CVE-2014-8100 | | 2014-12-10 | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote… | |
CVE-2014-8099 | | 2014-12-10 | The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote… | |
CVE-2014-8098 | | 2014-12-10 | The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote auth… | |
CVE-2014-8097 | | 2014-12-10 | The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated user… | |
CVE-2014-8096 | | 2014-12-10 | The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) befo… | |
CVE-2014-8095 | | 2014-12-10 | The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated use… | |
CVE-2014-8094 | | 2014-12-10 | Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allo… |