Several vulnerabilities have been found in the server-side code
of some extensions in the X Window System. Improper validation of
client-provided data can cause data corruption.
Exploiting these overflows will crash the X server or,
under certain circumstances allow the execution of arbitray machine
code.
When the X server is running with root privileges (which is the case
for the Xorg server and for most kdrive based servers), these
vulnerabilities can thus also be used to raise privileges.
All these vulnerabilities, to be exploited successfully, require either
an already established connection to a running X server (and normally
running X servers are only accepting authenticated connections), or a
shell access with a valid user on the machine where the vulnerable
server is installed.