A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
https://access.redhat.com/security/cve/CVE-2025-26596
https://access.redhat.com/errata/RHSA-2025:7458
https://access.redhat.com/errata/RHSA-2025:7165
https://access.redhat.com/errata/RHSA-2025:7163
https://access.redhat.com/errata/RHSA-2025:2880
https://access.redhat.com/errata/RHSA-2025:2879
https://access.redhat.com/errata/RHSA-2025:2875
https://access.redhat.com/errata/RHSA-2025:2874
https://access.redhat.com/errata/RHSA-2025:2873
https://access.redhat.com/errata/RHSA-2025:2866
https://access.redhat.com/errata/RHSA-2025:2865
https://access.redhat.com/errata/RHSA-2025:2862
https://access.redhat.com/errata/RHSA-2025:2861
Published: 2025-02-25
Updated: 2025-05-13
Named Vulnerability: XkbSizeKeySyms Heap-based Buffer Overflow
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Severity: Medium
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.00023