X.Org and Xwayland Buffer Overflow Vulnerability in Virtual Network Computing Component

Vulnerability

A buffer overflow vulnerability has been identified in X.Org and Xwayland, specifically within the TigerVNC suite. The issue arises in the XkbVModMaskText() function, which allocates a fixed-size buffer on the stack and then copies the names of virtual modifiers into it without checking their combined length against the buffer's capacity, leading to a buffer overflow condition.
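
The bug class described above, as a constructed C illustration added here (not X.Org's or TigerVNC's code): an unchecked append of modifier names into a fixed-size buffer, beside a bounded version that reports truncation instead of writing past the end. The modifier names, buffer size and function names are assumptions chosen for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_VMODS 16       /* hypothetical number of virtual modifiers */
#define NAME_BUF_SIZE 32   /* hypothetical fixed-size buffer, deliberately small */

/* Constructed sample virtual-modifier names (not taken from any real keymap). */
static const char *vmod_names[MAX_VMODS] = {
    "NumLock", "Alt", "LevelThree", "LAlt", "RAlt", "RControl",
    "LControl", "ScrollLock", "LevelFive", "AltGr", "Meta", "Super",
    "Hyper", "Mod1", "Mod2", "Mod3"
};

/* Pattern the advisory describes: the name of every set bit is appended to a
 * fixed-size buffer with no check of how much space remains. This is only
 * safe while the caller knows the joined names fit; otherwise strcat writes
 * past the end of buf. */
void vmod_mask_text_unchecked(unsigned mask, char buf[NAME_BUF_SIZE]) {
    buf[0] = '\0';
    for (int i = 0; i < MAX_VMODS; i++) {
        if (!(mask & (1u << i))) continue;
        if (buf[0] != '\0') strcat(buf, "+");
        strcat(buf, vmod_names[i]);
    }
}

/* Hardened form: every append is bounded by the remaining space. Returns
 * true if all selected names fit, false if output had to stop early. The
 * buffer is always NUL-terminated on return. */
bool vmod_mask_text_safe(unsigned mask, char *out, size_t out_len) {
    size_t used = 0;
    if (out_len == 0) return false;
    out[0] = '\0';
    for (int i = 0; i < MAX_VMODS; i++) {
        if (!(mask & (1u << i))) continue;
        size_t len = strlen(vmod_names[i]);
        size_t need = len + (used ? 1 : 0);       /* '+' separator */
        if (used + need >= out_len) return false; /* no room incl. NUL */
        if (used) out[used++] = '+';
        memcpy(out + used, vmod_names[i], len);
        used += len;
        out[used] = '\0';
    }
    return true;
}
```

With all 16 sample modifiers selected the joined names exceed 32 bytes, so the unchecked variant would overflow while the bounded one stops and returns false.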

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to privilege escalation.

Remediation

Users can apply the available update for this vulnerability. Instructions for applying the update can be found in the Red Hat Product Errata RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, RHSA-2025:2865, RHSA-2025:2880, RHSA-2025:2873, RHSA-2025:2874, RHSA-2025:2875, RHSA-2025:7163, RHSA-2025:7165, and RHSA-2025:7458.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.