7.8

CVE-2025-26598

EPSS 0.06%
Veröffentlicht 25.02.2025 16:15:38
Zuletzt bearbeitet 03.11.2025 22:18:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version-

X.Org ≫ X Server Version < 21.1.16

X.Org ≫ Xwayland Version < 24.1.6

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-26598

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2345254

Issue Tracking

https://access.redhat.com/errata/RHSA-2025:2500

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2502

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2862

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2865

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2874

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2875

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2861

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2866

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2873

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2879

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2880

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:7163

https://access.redhat.com/errata/RHSA-2025:7165

https://access.redhat.com/errata/RHSA-2025:7458

https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

https://nvd.nist.gov/vuln/detail/CVE-2025-26598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26598

EUVD