Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-26598

Опубликовано: 25 фев. 2025
Источник: debian
EPSS Низкий

Описание

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
xorg-serverfixed2:21.1.16-1package
xwaylandfixed2:24.1.6-1package
xwaylandignoredbookwormpackage

Примечания

  • https://lists.x.org/archives/xorg-announce/2025-February/003584.html

  • Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a9d57234c76c0b93f88dacb143d01bca2

EPSS

Процентиль: 6%
0.00029
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-26598

CVSS3: 7.8
ubuntu
4 месяца назад

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

redhat логотип

CVE-2025-26598

CVSS3: 7.8
redhat
4 месяца назад

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

nvd логотип

CVE-2025-26598

CVSS3: 7.8
nvd
4 месяца назад

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

msrc логотип

CVE-2025-26598

CVSS3: 7.8
msrc
3 месяца назад

Описание отсутствует

github логотип

GHSA-c28h-3w95-v6xg

CVSS3: 7.8
github
4 месяца назад

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

EPSS

Процентиль: 6%
0.00029
Низкий