CVE-2025-26595

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-26595

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26595.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-26595

Downstream

BELL-CVE-2025-26595

DEBIAN-CVE-2025-26595

DLA-4072-1

DSA-5872-1

OESA-2025-1256

OESA-2025-1429

RHSA-2025:2500

RHSA-2025:2502

RHSA-2025:2861

RHSA-2025:2862

RHSA-2025:2865

RHSA-2025:2866

RHSA-2025:2873

RHSA-2025:2874

RHSA-2025:2875

RHSA-2025:2879

RHSA-2025:2880

RHSA-2025:7163

RHSA-2025:7165

RHSA-2025:7458

RLSA-2025:2500

RLSA-2025:2502

SUSE-SU-2025:0729-1

SUSE-SU-2025:0730-1

SUSE-SU-2025:0731-1

SUSE-SU-2025:0732-1

SUSE-SU-2025:0733-1

SUSE-SU-2025:0734-1

SUSE-SU-2025:0758-1

SUSE-SU-2025:0818-1

UBUNTU-CVE-2025-26595

USN-7299-1

USN-7299-2

USN-7299-4

openSUSE-SU-2025:14838-1

openSUSE-SU-2025:14841-1

openSUSE-SU-2025:14842-1

Related

Published

2025-02-25T16:15:38Z

Modified

2025-08-09T20:01:28Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

References

Affected packages