Filtered by vendor Xcb Project
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26955 | 1 Xcb Project | 1 Xcb | 2021-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. | |||||
CVE-2021-26956 | 1 Xcb Project | 1 Xcb | 2021-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value. | |||||
CVE-2021-26957 | 1 Xcb Project | 1 Xcb | 2021-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server. | |||||
CVE-2021-26958 | 1 Xcb Project | 1 Xcb | 2021-02-18 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. | |||||
CVE-2020-36205 | 1 Xcb Project | 1 Xcb | 2021-02-02 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. |