AZL-57277

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57277.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-57277

Upstream

CVE-2025-26595

Published

2025-02-25T16:15:38Z

Modified

2026-04-01T05:19:47.221905Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-26595 affecting package xorg-x11-server 1.20.10-6

Details

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26595

Affected packages

Azure Linux:3 / xorg-x11-server

Package

Name: xorg-x11-server
Purl: pkg:rpm/azure-linux/xorg-x11-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.20.10-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57277.json"