Vulnerability CVE-2025-26595: Information

Description

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

Severity: HIGH (7.8)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26595

Published: Feb. 25, 2025

Modified: April 6, 2026

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
tigervnc	sisyphus	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8622-1	419847	Fixed
tigervnc	p11	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8624-2	419848	Fixed
tigervnc	c10f2	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8643-3	419936	Fixed
tigervnc	c9f2	1.16.2-alt2	1.13.1-alt2	ALT-PU-2026-8744-2	420235	Testing
xorg-server	sisyphus	21.1.16-alt1	21.1.23-alt1	ALT-PU-2025-16667-1	376103	Fixed
xorg-server	p11	21.1.16-alt1	21.1.22-alt1	ALT-PU-2025-16471-1	376131	Fixed
xorg-server	p10	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3550-3	376143	Fixed
xorg-server	p10_e2k	1.20.14-alt15.E2K.1	1.20.14-alt19.E2K.1	ALT-PU-2025-4776-1	-	Fixed
xorg-server	c10f2	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3653-4	376349	Fixed
xorg-xwayland	sisyphus	24.1.6-alt1	24.1.12-alt1	ALT-PU-2025-16899-1	376103	Fixed
xorg-xwayland	p11	24.1.6-alt1	24.1.10-alt1	ALT-PU-2025-16475-1	376131	Fixed
xorg-xwayland	p10	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3552-3	376143	Fixed
xorg-xwayland	p10_e2k	23.1.1-alt9	23.1.1-alt11	ALT-PU-2025-13005-1	-	Fixed
xorg-xwayland	c10f2	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3655-4	376349	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2025:2500	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2502	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2861	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2862	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2865	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2866	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2873	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2874	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2875	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2879	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2880	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3976
https://access.redhat.com/errata/RHSA-2025:7163
https://access.redhat.com/errata/RHSA-2025:7165
https://access.redhat.com/errata/RHSA-2025:7458
https://access.redhat.com/security/cve/CVE-2025-26595	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345257	Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
BDU:2025-04127	BDU

Affected configurations:
1. cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
  cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
  End excluding
  21.1.16
  cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
  End excluding
  24.1.6
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Version: v26.6.1