Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

Published

2025-02-25T16:15:38.390

Last Modified

2025-05-13T20:15:26.337

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tigervnc	tigervnc	-	Yes
Application	x.org	x_server	< 21.1.16	Yes
Application	x.org	xwayland	< 24.1.6	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2025:2500 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2502 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2861 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2862 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2865 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2866 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2873 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2874 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2875 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2879 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2880 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:7163 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7165 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7458 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-26595 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2345257 Issue Tracking ([email protected])