CVE-2025-26597

CVE-2025-26597

Name

CVE-2025-26597

Description

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vdb-entry	https://access.redhat.com/security/cve/CVE-2025-26597
issue-tracking	https://bugzilla.redhat.com/show_bug.cgi?id=2345255
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2500
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2502
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2862
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2865
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2874
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2875
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2861
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2866
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2873
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2879
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2880
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7163
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7165
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7458

Type

URI

vdb-entry

https://access.redhat.com/security/cve/CVE-2025-26597

issue-tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2345255

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2500

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2502

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2862

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2865

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2874

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2875

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2861

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2866

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2873

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2879

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2880

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7163

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7165

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7458

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:tigervnc:tigervnc:-:::::::*`	tigervnc	== None	== -

CPE URI

Source package

Min version

Max version

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*

tigervnc

== None

== -

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xorg-server	edge-community	21.1.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xwayland	edge-community	24.1.6-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
xorg-server	3.21-community	21.1.16-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xwayland	3.21-community	24.1.6-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed

Source package

Branch

Version

Maintainer

Status

xorg-server

edge-community

21.1.16-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

xwayland

edge-community