Search CVE reports
1 – 10 of 56 results
Some fixes available 13 of 14
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 13 of 14
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 13 of 14
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 8 of 14
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 13 of 14
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
7 affected packages
xorg-server, xwayland, xorg-hwe-16.04, xorg, xorg-server-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
Some fixes available 13 of 14
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | — | Not affected |
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
35 affected packages
gst-libav1.0, gst-plugins-bad1.0, gst-plugins-bad1.0-contrib, gst-plugins-base1.0, gst-plugins-good1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0-contrib | Needs evaluation | Needs evaluation | — | — |
| gst-plugins-base1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-good1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-ugly1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-python1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-rtsp-server1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-editing-services1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-vaapi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt-gstreamer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-gst-plugin-version-helper | Needs evaluation | Not in release | — | — |
| rust-gstreamer | Needs evaluation | Not in release | — | — |
| rust-gstreamer-allocators | Not in release | Not in release | — | — |
| rust-gstreamer-allocators-sys | Not in release | Not in release | — | — |
| rust-gstreamer-audio | Needs evaluation | Not in release | — | — |
| rust-gstreamer-audio-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-base | Needs evaluation | Not in release | — | — |
| rust-gstreamer-base-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-gl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11 | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-video | Needs evaluation | Not in release | — | — |
| rust-gstreamer-video-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
35 affected packages
gst-libav1.0, gst-plugins-bad1.0, gst-plugins-bad1.0-contrib, gst-plugins-base1.0, gst-plugins-good1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0-contrib | Needs evaluation | Needs evaluation | — | — |
| gst-plugins-base1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-good1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-ugly1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-python1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-rtsp-server1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-editing-services1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-vaapi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt-gstreamer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-gst-plugin-version-helper | Needs evaluation | Not in release | — | — |
| rust-gstreamer | Needs evaluation | Not in release | — | — |
| rust-gstreamer-allocators | Not in release | Not in release | — | — |
| rust-gstreamer-allocators-sys | Not in release | Not in release | — | — |
| rust-gstreamer-audio | Needs evaluation | Not in release | — | — |
| rust-gstreamer-audio-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-base | Needs evaluation | Not in release | — | — |
| rust-gstreamer-base-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-gl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11 | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-video | Needs evaluation | Not in release | — | — |
| rust-gstreamer-video-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
35 affected packages
gst-libav1.0, gst-plugins-bad1.0, gst-plugins-bad1.0-contrib, gst-plugins-base1.0, gst-plugins-good1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0-contrib | Needs evaluation | Needs evaluation | — | — |
| gst-plugins-base1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-good1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-ugly1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-python1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-rtsp-server1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-editing-services1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-vaapi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt-gstreamer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-gst-plugin-version-helper | Needs evaluation | Not in release | — | — |
| rust-gstreamer | Needs evaluation | Not in release | — | — |
| rust-gstreamer-allocators | Not in release | Not in release | — | — |
| rust-gstreamer-allocators-sys | Not in release | Not in release | — | — |
| rust-gstreamer-audio | Needs evaluation | Not in release | — | — |
| rust-gstreamer-audio-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-base | Needs evaluation | Not in release | — | — |
| rust-gstreamer-base-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-gl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11 | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-video | Needs evaluation | Not in release | — | — |
| rust-gstreamer-video-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
35 affected packages
gst-libav1.0, gst-plugins-bad1.0, gst-plugins-bad1.0-contrib, gst-plugins-base1.0, gst-plugins-good1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-bad1.0-contrib | Needs evaluation | Needs evaluation | — | — |
| gst-plugins-base1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-good1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-plugins-ugly1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-python1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-rtsp-server1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-editing-services1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer-vaapi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt-gstreamer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-gst-plugin-version-helper | Needs evaluation | Not in release | — | — |
| rust-gstreamer | Needs evaluation | Not in release | — | — |
| rust-gstreamer-allocators | Not in release | Not in release | — | — |
| rust-gstreamer-allocators-sys | Not in release | Not in release | — | — |
| rust-gstreamer-audio | Needs evaluation | Not in release | — | — |
| rust-gstreamer-audio-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-base | Needs evaluation | Not in release | — | — |
| rust-gstreamer-base-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-gl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-egl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-wayland-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11 | Needs evaluation | Not in release | — | — |
| rust-gstreamer-gl-x11-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils | Needs evaluation | Not in release | — | — |
| rust-gstreamer-pbutils-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play | Needs evaluation | Not in release | — | — |
| rust-gstreamer-play-sys | Needs evaluation | Not in release | — | — |
| rust-gstreamer-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rust-gstreamer-video | Needs evaluation | Not in release | — | — |
| rust-gstreamer-video-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |