漏洞描述
X.Org libXvMC是X.Org基金会运作的一个X-Video Motion Compensation API专属的基于Xlib的客户端库。 X.org libXvMC 1.0.7以及更早版本中存在缓冲区溢出漏洞。具有X servers权限的攻击者可通过向XvMCGetDRInfo函数发送特制的长度值或索引值,从而利用该漏洞导致拒绝服务(崩溃)亦有可能执行任意代码。
X.Org libXvMC ‘XvMCGetDRInfo()’函数远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- Apache Struts XWork组件 XML外部实体注入漏洞(CVE-2025-68493)
- 时空智友ERP /formservice/wf XML 外部实体注入漏洞
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2017-17762: Episerver 7 - Blind XML External Entity Injection
- POC CVE-2018-6961: VMware NSX SD-WAN Edge - Command Injection
- POC CVE-2021-33829: Drupal 7 CKEditor XSS
- POC CVE-2023-27624: WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
- POC jboss-jmx-console-unauth: JBoss JMX Console - Unauthenticated Access
- 金和OA QuickMatch.aspx XXE漏洞
- Nagios XI-默认口令漏洞