CVE Record: CVE-2025-26596

Required CVE Record Information

Description

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

CWE 1 Total

Learn more

CWE-787: Out-of-bounds Write

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
7.8	HIGH	3.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product Status

Learn more

Versions 2 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 1 Total

Default Status: affected

unaffected

Versions 0 Total

Default Status: All versions are affected

Versions 0 Total

Default Status: All versions are unknown

Versions 0 Total

Default Status: All versions are unaffected

Versions 0 Total

Default Status: All versions are unaffected

Versions 0 Total

Default Status: All versions are affected

Versions 0 Total

Default Status: All versions are affected

References 13 Total

access.redhat.com: RHSA-2025:2500
external site
vendor-advisory
access.redhat.com: RHSA-2025:2502
external site
vendor-advisory
access.redhat.com: RHSA-2025:2861
external site
vendor-advisory
access.redhat.com: RHSA-2025:2862
external site
vendor-advisory
access.redhat.com: RHSA-2025:2865
external site
vendor-advisory
access.redhat.com: RHSA-2025:2866
external site
vendor-advisory
access.redhat.com: RHSA-2025:2873
external site
vendor-advisory
access.redhat.com: RHSA-2025:2874
external site
vendor-advisory
access.redhat.com: RHSA-2025:2875
external site
vendor-advisory
access.redhat.com: RHSA-2025:2879
external site
vendor-advisory
access.redhat.com: RHSA-2025:2880
external site
vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26596
external site
vdb-entry
bugzilla.redhat.com: RHBZ#2345256
external site
issue-tracking

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Red Hat, Inc.

Description

CWE 1 Total

CVSS 1 Total

Product Status

References 13 Total

Authorized Data Publishers

CISA-ADP