Untriaged
Permalink
CVE-2025-62231
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Xorg: xmayland: value overflow in xkbsetcompatmap()
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
References
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0031 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0033 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0034 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0035 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0036 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62231 x_refsource_REDHAT vdb-entry
- RHBZ#2402660 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
Affected products
tigervnc
- *
xwayland
- <24.1.9
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *