7.8

CVE-2025-26599

EPSS 0.03%
Veröffentlicht 25.02.2025 16:15:39
Zuletzt bearbeitet 06.04.2026 13:17:16
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Xorg: xwayland: use of uninitialized pointer in compredirectwindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 21

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version-

X.Org ≫ X Server Version < 21.1.16

X.Org ≫ Xwayland Version < 24.1.6

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://access.redhat.com/security/cve/CVE-2025-26599

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2345253

Issue Tracking

https://access.redhat.com/errata/RHSA-2025:2500

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2502

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2862

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2865

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2874

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2875

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2861

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2866

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2873

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2879

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2880

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:7163

https://access.redhat.com/errata/RHSA-2025:7165

https://access.redhat.com/errata/RHSA-2025:7458

https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

https://access.redhat.com/errata/RHSA-2025:3976

https://nvd.nist.gov/vuln/detail/CVE-2025-26599

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26599

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26599

EUVD