Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
Max CVSS
7.5
EPSS Score
5.88%
Published
2003-10-20
Updated
2016-10-18
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-03-03
Updated
2016-10-18
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
1.07%
Published
2003-03-03
Updated
2016-10-18
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
Max CVSS
10.0
EPSS Score
0.46%
Published
2003-03-03
Updated
2008-09-05
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-03-03
Updated
2008-09-05
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
Max CVSS
3.6
EPSS Score
0.04%
Published
2003-07-24
Updated
2010-05-25
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!