Olivier Fourdan

**Name of the Vulnerable Software and Affected Versions** X.Org Server versions prior to 1.16.3 X.Org Server versions 1.17.x prior to 1.17.1 **Description** The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via a crafted string length value in a XkbSetGeometry request. **Recommendations** For X.Org Server versions prior to 1.16.3, update to version 1.16.3 or later. For X.Org Server versions 1.17.x prior to 1.17.1, update to version 1.17.1 or later.

**Name of the Vulnerable Software and Affected Versions** X.Org X11R7.1 **Description** The issue is related to the fbComposite function in fbpict.c in the Render extension in the X server, which allows remote authenticated users to cause a denial of service, resulting in memory corruption and daemon crash, or possibly execute arbitrary code via a crafted request. This is due to an incorrect macro definition. **Recommendations** For X.Org X11R7.1, consider disabling the Render extension as a temporary workaround until a patch is available. Restrict access to the X server to minimize the risk of exploitation.