Michal Srb

**Name of the Vulnerable Software and Affected Versions** X.Org Server versions prior to 1.19.4 **Description** The issue allows an authenticated attacker to cause the X server to abort or replace shared memory segments of other X clients in the same session, when the X shared memory extension is enabled. **Recommendations** For versions prior to 1.19.4, update to version 1.19.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libXfont versions 1.5.2 and earlier libXfont versions 2.x prior to 2.0.2 **Description** The issue arises from incorrect handling of '0' characters in the PatternMatch function in fontfile/fontdir.c, specifically when '?' characters are involved. This can lead to a buffer over-read during font pattern matching, potentially causing information disclosure or a crash, resulting in denial of service. An attacker would need access to an X connection to exploit this. **Recommendations** For libXfont version 1.5.2 and earlier, update to version 2.0.2 or later. For libXfont version 2.x prior to 2.0.2, update to version 2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** X.Org X server versions prior to 2017-06-19 **Description** A stack overflow in the endianness conversion of X Events can be exploited by an authenticated user to crash the X Server or execute code in its context. **Recommendations** For versions prior to 2017-06-19, update to a version released after 2017-06-19 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** X.Org X Server versions prior to 2017-06-19 **Description** The issue concerns uninitialized data in endianness conversion within the XEvent handling of the X server, allowing authenticated malicious users to access potentially privileged data. **Recommendations** For versions prior to 2017-06-19, update to a version released after 2017-06-19 to resolve the issue.