Vulnerabilities > CVE-2025-26596

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

tigervnc

x-org

redhat

NVD

Published: 2025-02-25

Updated: 2025-04-10

Summary

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Tigervnc Tigervnc Tigervnc -	1
Application	X.Org X.Org X Server - X.Org Xwayland -	2
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3

References

https://access.redhat.com/errata/RHSA-2025:2500
https://access.redhat.com/errata/RHSA-2025:2502
https://access.redhat.com/errata/RHSA-2025:2861
https://access.redhat.com/errata/RHSA-2025:2862
https://access.redhat.com/errata/RHSA-2025:2865
https://access.redhat.com/errata/RHSA-2025:2866
https://access.redhat.com/errata/RHSA-2025:2873
https://access.redhat.com/errata/RHSA-2025:2874
https://access.redhat.com/errata/RHSA-2025:2875
https://access.redhat.com/errata/RHSA-2025:2879
https://access.redhat.com/errata/RHSA-2025:2880
https://access.redhat.com/security/cve/CVE-2025-26596
https://bugzilla.redhat.com/show_bug.cgi?id=2345256

Vulnerabilities > CVE-2025-26596 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-26596"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2025-26596