← Back

Xterm

xterm

Vendor: Invisible Island • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-40359
1Invisible Island
1Xterm
Nov 21, 2024
Aug 14, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installat...Show more
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.Show less
CVE-2022-45063
2Fedoraproject
Invisible Island
2Fedora
Xterm
Apr 8, 2026
Nov 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the...Show more
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.Show less
CVE-2022-24130
3Debian
FedoraprojectInvisible Island
3Debian Linux
FedoraXterm
Nov 21, 2024
Jan 31, 2022
N/A· v4
5.5 MEDIUM· v3
2.6 LOW· v2
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
CVE-2021-27135
3Debian
FedoraprojectInvisible Island
3Debian Linux
FedoraXterm
Nov 21, 2024
Feb 10, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVE-2008-2383
1Invisible Island
1Xterm
Apr 23, 2026
Jan 2, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequ...Show more
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.Show less
CVE-2006-7236
1Invisible Island
1Xterm
Apr 23, 2026
Jan 2, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via esca...Show more
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.Show less