CVE-2025-26596

Published: February 26, 2025Last modified: February 28, 2025

Description

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

Severity score breakdown

Status

References

• https://access.redhat.com/errata/RHSA-2025:2500
• https://access.redhat.com/errata/RHSA-2025:2502
• https://access.redhat.com/errata/RHSA-2025:2861
• https://access.redhat.com/errata/RHSA-2025:2862
• https://access.redhat.com/errata/RHSA-2025:2865
• https://access.redhat.com/errata/RHSA-2025:2866
• https://access.redhat.com/errata/RHSA-2025:2873
• https://access.redhat.com/errata/RHSA-2025:2874
• https://access.redhat.com/errata/RHSA-2025:2875
• https://access.redhat.com/errata/RHSA-2025:2879
• https://access.redhat.com/errata/RHSA-2025:2880
• https://access.redhat.com/security/cve/CVE-2025-26596
• https://bugzilla.redhat.com/show_bug.cgi?id=2345256