Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26599

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Xorg: xwayland: use of uninitialized pointer in compredirectwindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

References

https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26599 x_refsource_REDHAT vdb-entry
RHBZ#2345253 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Affected products

xserver

<21.1.16
<24.1.6

tigervnc

xorg-x11-server

xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable -
- nixpkgs-unstable 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc