Vulnerability CVE-2025-26597: Information

Description

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

Severity: HIGH (7.8)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26597

Published: Feb. 25, 2025

Modified: June 2, 2026

Error type identifier: CWE-119

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
tigervnc	sisyphus	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8622-1	419847	Fixed
tigervnc	p11	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8624-2	419848	Fixed
tigervnc	c10f2	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8643-3	419936	Fixed
tigervnc	c9f2	1.16.2-alt2	1.13.1-alt2	ALT-PU-2026-8744-2	420235	Testing
xorg-server	sisyphus	21.1.16-alt1	21.1.23-alt1	ALT-PU-2025-16667-1	376103	Fixed
xorg-server	p11	21.1.16-alt1	21.1.22-alt1	ALT-PU-2025-16471-1	376131	Fixed
xorg-server	p10	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3550-3	376143	Fixed
xorg-server	p10_e2k	1.20.14-alt15.E2K.1	1.20.14-alt19.E2K.1	ALT-PU-2025-4776-1	-	Fixed
xorg-server	c10f2	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3653-4	376349	Fixed
xorg-xwayland	sisyphus	24.1.6-alt1	24.1.12-alt1	ALT-PU-2025-16899-1	376103	Fixed
xorg-xwayland	p11	24.1.6-alt1	24.1.10-alt1	ALT-PU-2025-16475-1	376131	Fixed
xorg-xwayland	p10	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3552-3	376143	Fixed
xorg-xwayland	p10_e2k	23.1.1-alt9	23.1.1-alt11	ALT-PU-2025-13005-1	-	Fixed
xorg-xwayland	c10f2	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3655-4	376349	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2025:2500	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2502	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2861	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2862	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2865	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2866	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2873	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2874	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2875	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2879	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2880	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3976
https://access.redhat.com/errata/RHSA-2025:7163
https://access.redhat.com/errata/RHSA-2025:7165
https://access.redhat.com/errata/RHSA-2025:7458
https://access.redhat.com/security/cve/CVE-2025-26597	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345255	Issue Tracking
http://www.openwall.com/lists/oss-security/2026/06/02/1
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
BDU:2025-06974	BDU

Affected configurations:
1. cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
  cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
  End excluding
  21.1.16
  cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
  End excluding
  24.1.6
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Version: v26.6.1