Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26597

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Xorg: xwayland: buffer overflow in xkbchangetypesofkey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

References

https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26597 x_refsource_REDHAT vdb-entry
RHBZ#2345255 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Affected products

xserver

<21.1.16
<24.1.6

tigervnc

xorg-x11-server

xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable -
- nixpkgs-unstable 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc