CVE-2019-17624

HIGH

X.Org X Server < 1.20.4 - Stack-Based Buffer Overflow in XQueryKeymap

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17624. PoCs published by s4vitar.

AI-analyzed exploit summary This exploit triggers a stack overflow in X.Org X Server versions <= 1.20.4 by calling XQueryKeymap with an oversized buffer, leading to a denial-of-service condition. The PoC demonstrates the vulnerability but does not include payload execution.

Description

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

Exploits (1)

exploitdb WORKING POC
by s4vitar · pythonlocallinux
https://www.exploit-db.com/exploits/47507

This exploit triggers a stack overflow in X.Org X Server versions <= 1.20.4 by calling XQueryKeymap with an oversized buffer, leading to a denial-of-service condition. The PoC demonstrates the vulnerability but does not include payload execution.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: X.Org X Server <= 1.20.4
No auth needed
Prerequisites: Local access to the X server · X11 library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47507
Release Notes, Vendor Advisory x_refsource_misc
https://www.x.org/releases/individual/xserver/

Scores

CVSS v3 7.8
EPSS 0.0369
EPSS Percentile 88.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
x.org/x_server < 1.20.4
Published Oct 16, 2019
Tracked Since Feb 18, 2026