Search CVE reports
1 – 10 of 60 results
Some fixes available 8 of 14
Value overflow in Xkb extension XkbSetCompatMap()
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 8 of 14
Use-after-free in Xkb client resource removal
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 8 of 14
Use-after-free in XPresentNotify structures creation
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 15 of 16
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 15 of 16
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 15 of 16
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 15 of 16
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
7 affected packages
xorg-server, xwayland, xorg-hwe-16.04, xorg, xorg-server-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 15 of 16
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 1 of 16
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not affected |