Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-62229
7.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 5 months ago by @leona-ya Activity log
  • Created suggestion 6 months ago
  • @leona-ya ignored package tigervnc 5 months ago
  • @leona-ya accepted 5 months ago
  • @leona-ya dismissed 5 months ago
Xorg: xmayland: use-after-free in xpresentnotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

References

Affected products

tigervnc
  • *
xwayland
  • <24.1.9
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *
Ignored packages (1)

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

already updated in nixpkgs 25.05, 25.11 and unstable.