Xfree86 Project : Security Vulnerabilities, CVEs, Published In 2003 CVSS score >= 2
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
Max CVSS
7.5
EPSS Score
5.88%
Published
2003-10-20
Updated
2016-10-18
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-03-03
Updated
2016-10-18
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
1.07%
Published
2003-03-03
Updated
2016-10-18
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
Max CVSS
10.0
EPSS Score
0.46%
Published
2003-03-03
Updated
2008-09-05
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-03-03
Updated
2008-09-05
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
Max CVSS
3.6
EPSS Score
0.04%
Published
2003-07-24
Updated
2010-05-25
6 vulnerabilities found