CVE-2025-62231
published 2025-10-30CVE-2025-62231: A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned…
high7.3CVSS 3.1
AVLACLPRLUINSUCHILAH
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:21.1.7-3+deb12u11 (bookworm) | xorg-server 2:21.1.7-3+deb12u11 (bookworm) |
| debian | xwayland | < xorg-server 2:21.1.7-3+deb12u11 (bookworm) | xorg-server 2:21.1.7-3+deb12u11 (bookworm) |
| msrc | azl3_wayland_1.22.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_xorg-x11-server-xwayland_24.1.6-2_on_azure_linux_3.0 | — | — |
| x.org | xorg-server | >= 0 < 2:1.20.11-1+deb11u17 | 2:1.20.11-1+deb11u17 |
| x.org | xorg-server | >= 0 < 2:21.1.7-3+deb12u11 | 2:21.1.7-3+deb12u11 |
| x.org | xorg-server | >= 0 < 2:21.1.16-1.3+deb13u1 | 2:21.1.16-1.3+deb13u1 |
| x.org | xorg-server | >= 0 < 2:21.1.20-1 | 2:21.1.20-1 |
| x.org | xwayland | < 24.1.9 | 24.1.9 |
| x.org | xwayland | >= 0 < 2:24.1.9-1 | 2:24.1.9-1 |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
osv7.3HIGH