CVE-2025-26595

Name
CVE-2025-26595
Description
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-26595
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2345257
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2500
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2502
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2862
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2865
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2874
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2875
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2861
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2866
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2873
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2879
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2880
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7163
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7165
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7458

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:* tigervnc == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xorg-server edge-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland edge-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server 3.21-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland 3.21-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed