Security expert Ilja van Sprundel has identified a number of safety-critical bugs in the code of the X11 client libraries from X.org. X.org is the graphic display system used on most Linux and Unix-based systems. According to a note on the X.org developers list, the main reason for the large number of vulnerabilities is that the client libraries trust that the data sent by the X server satisfies the X11 protocol and is correct, but the code itself is susceptible to integer and buffer overflow attacks.
In the general case, the danger is minimized if the X server and X client programs run with the same user ID. However, in special cases, such as Set-UID programs, an intruder could use this attack to obtain root privileges. All previous versions of X.org are affected. Patches to the source code are available at the X.org site.