漏洞描述
X.Org libXv是X.Org基金会运作的一个X Video扩展专属的基于Xlib的客户端库。 X.org libXv 1.0.7以及更早版本中存在缓冲区溢出漏洞。具有X servers权限的攻击者可通过将特制的长度值或索引值发送至XvQueryPortAttributes函数,从而利用该漏洞导致拒绝服务(崩溃),亦有可能执行任意代码。
X.Org libXv ‘XvQueryPortAttributes()’函数远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload
- POC exist-db-dashboard-access: eXist-DB Dashboard Access
- 东胜物流软件 /Areas/Mobile/Views/YunJia/YJCX.aspx SQL 注入漏洞
- 万户OA /defaultroot/evo/weixin/WeiXin!callback.action XML 外部实体注入漏洞
- Apache Struts XWork组件 XML外部实体注入漏洞(CVE-2025-68493)
- 时空智友ERP /formservice/wf XML 外部实体注入漏洞
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2017-17762: Episerver 7 - Blind XML External Entity Injection
- POC CVE-2018-6961: VMware NSX SD-WAN Edge - Command Injection
- POC CVE-2021-33829: Drupal 7 CKEditor XSS