| Bug | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2026-34003 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X.Org X server's XKB key types request validat ... |
| CVE-2026-34002 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | XKB Out-of-bounds read in CheckModifierMap() |
| CVE-2026-34001 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X.Org X server. This use-after-free vulnerabil ... |
| CVE-2026-34000 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | XKB Out-of-bounds Read in CheckSetGeom() |
| CVE-2026-33999 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X.Org X server. This integer underflow vulnera ... |
| CVE-2025-62231 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb) ex ... |
| CVE-2025-62230 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was discovered in the X.Org X server\u2019s X Keyboard (Xkb) ex ... |
| CVE-2025-62229 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X.Org X server and Xwayland when processing X1 ... |
| CVE-2025-49180 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the RandR extension, where the RRChangeProviderPro ... |
| CVE-2025-49179 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X Record extension. The RecordSanityCheckRegis ... |
| CVE-2025-49178 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X server's request handling. Non-zero 'bytes t ... |
| CVE-2025-49177 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnec ... |
| CVE-2025-49176 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the Big Requests extension. The request length is ... |
| CVE-2025-49175 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | A flaw was found in the X Rendering extension's handling of animated c ... |
| CVE-2025-26601 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A use-after-free flaw was found in X.Org and Xwayland. When changing a ... |
| CVE-2025-26600 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A use-after-free flaw was found in X.Org and Xwayland. When a device i ... |
| CVE-2025-26599 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An access to an uninitialized pointer flaw was found in X.Org and Xway ... |
| CVE-2025-26598 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An out-of-bounds write flaw was found in X.Org and Xwayland. The funct ... |
| CVE-2025-26597 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTy ... |
| CVE-2025-26596 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A heap overflow flaw was found in X.Org and Xwayland. The computation ... |
| CVE-2025-26595 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A buffer overflow flaw was found in X.Org and Xwayland. The code in Xk ... |
| CVE-2025-26594 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A use-after-free flaw was found in X.Org and Xwayland. The root cursor ... |
| CVE-2024-31083 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A use-after-free vulnerability was found in the ProcRenderAddGlyphs() ... |
| CVE-2024-31081 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A heap-based buffer over-read vulnerability was found in the X.org ser ... |
| CVE-2024-31080 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A heap-based buffer over-read vulnerability was found in the X.org ser ... |
| CVE-2024-21886 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A heap buffer overflow flaw was found in the DisableDevice function in ... |
| CVE-2024-21885 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent fu ... |
| CVE-2024-9632 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in the X.org server. Due to improperly tracked alloca ... |
| CVE-2024-0409 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in the X.Org server. The cursor code in both Xephyr a ... |
| CVE-2024-0408 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in the X.Org server. The GLX PBuffer code does not ca ... |
| CVE-2024-0229 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An out-of-bounds memory access flaw was found in the X.Org server. Thi ... |
| CVE-2023-6816 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ... |
| CVE-2023-6478 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in xorg-server. A specially crafted request to RRChan ... |
| CVE-2023-6377 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in xorg-server. Querying or changing XKB button actio ... |
| CVE-2023-5367 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A out-of-bounds write flaw was found in the xorg-x11-server. This issu ... |