漏洞描述
libdmx是X.Org基金会运作的一个X专属的DMX扩展接口。 X.org libdmx 1.1.2及更早版本中存在多个整数溢出漏洞。具有X servers权限的攻击者可通过与(1) DMXGetScreenAttributes,(2) DMXGetWindowAttributes,以及(3) DMXGetInputAttributes函数有关的向量利用该漏洞触发内存不足的分配和缓冲区溢出。
X.Org libdmx 多个远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-66472: XWiki DeleteApplication - Cross-Site Scripting
- POC CVE-2025-66516: Apache Tika - XML External Entity Injection
- POC polycom-hdx-web-exposure: Polycom HDX - Web Interface Exposure
- POC xymon-exposure: Xymon - Exposure
- POC springboot-x-application-context: Spring Boot `X-Application-Context` Header Exposure
- POC wp-breadcrumb-navxt-fpd: WordPress Breadcrumb NavXT - Full Path Disclosure
- POC ektron-blog-xmlrpc-xxe: Ektron CMS Blogs xmlrpc.aspx - XML External Entity Injection
- 泛微OA E-Cology /rest/ofs/deleteRequestInfoByXml XML 外部实体注入漏洞
- Growatt Shinelink/-X 系统 默认口令漏洞
- 时空智友ERP /formservice richclient.initRCForm XML 外部实体注入漏洞(CVE-2026-1218)
- o2oa /x_program_center/jaxrs/mpweixin/check XML 外部实体注入漏洞
- X2Modbus网关 /index.html 未授权访问漏洞
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload