A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
Tigervnc
  • Tigervnc
X.org
  • X Server
  • Xwayland

Configuration 1 [-]

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
tigervnc-0:1.8.0-36.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2025:2861 2025-03-17T00:00:00Z
xorg-x11-server-0:1.20.4-30.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2025:2879 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-15.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2025:2502 2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.13 cpe:/a:redhat:rhel_aus:8.2 RHSA-2025:2866 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_aus:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_tus:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_aus:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_tus:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.12 cpe:/a:redhat:rhel_eus:8.8 RHSA-2025:2862 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.14.1-1.el9_5.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:2500 2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
tigervnc-0:1.11.0-22.el9_0.13 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2025:2873 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.10 cpe:/a:redhat:rhel_eus:9.2 RHSA-2025:2874 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
tigervnc-0:1.13.1-8.el9_4.5 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:2875 2025-03-17T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2025:2500 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2502 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2862 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2873 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2874 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2875 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2879 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2880 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-26596 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2345256 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-26596 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-26596 cve-icon
History

Sat, 22 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 17 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6

Mon, 17 Mar 2025 05:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Mon, 17 Mar 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Mon, 17 Mar 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 11 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9

Mon, 10 Mar 2025 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
References

Mon, 10 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 04 Mar 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland
Weaknesses CWE-787
CPEs cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland

Wed, 26 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 25 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 25 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
Description A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
Title Xorg: xwayland: heap overflow in xkbwritekeysyms()
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-122
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-02-25T15:54:23.693Z

Updated: 2025-03-27T04:20:12.127Z

Reserved: 2025-02-12T14:12:22.795Z

Link: CVE-2025-26596

cve-icon Vulnrichment

Updated: 2025-02-25T17:15:55.709Z

cve-icon NVD

Status : Modified

Published: 2025-02-25T16:15:38.603

Modified: 2025-03-21T16:15:18.887

Link: CVE-2025-26596

cve-icon Redhat

Severity : Important

Publid Date: 2025-02-25T00:00:00Z

Links: CVE-2025-26596 - Bugzilla