VDB

GCVE-VVD-MAGEIA-2025-86

GCVE-VVD-MAGEIA-2025-86
Advisory Published
Vulnetix · Advisory published October 20, 2025
Use-after-free of the root cursor. (CVE-2025-26594) Buffer overflow in XkbVModMaskText(). (CVE-2025-26595) Heap overflow in XkbWriteKeySyms(). (CVE-2025-26596) Buffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597) Out-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598) Use of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599) Use-after-free in PlayReleasedEvents(). (CVE-2025-26600) Use-after-free in SyncInitTrigger(). (CVE-2025-26601)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiatigervnc0 (affected), 1.13.1-2.7.mga9 (unaffected), 0 (affected), 1.13.1-2.7.mga9 (unaffected)
Mageiax11-server0 (affected), 21.1.8-7.7.mga9 (unaffected), 0 (affected), 21.1.8-7.7.mga9 (unaffected)
Mageiarust0 (affected), 1.82.0-1.mga9 (unaffected)
Mageiax11-server-xwayland0 (affected), 22.1.9-1.7.mga9 (unaffected), 0 (affected), 22.1.9-1.7.mga9 (unaffected)

References

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
advisory
Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
issue
Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
issue
Updated rust packages fix bug
advisory
Updated rust packages fix bug
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›