mirror of
https://github.com/X11Libre/xserver.git
synced 2026-03-24 21:41:25 +00:00
80d69f0142
The computation of the length in XkbSizeKeySyms() differs from what is actually written in XkbWriteKeySyms(), leading to a heap overflow. Fix the calculation in XkbSizeKeySyms() to match what kbWriteKeySyms() does. CVE-2025-26596, ZDI-CAN-25543 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
The X server uses this directory to store the compiled version of the
current keymap and/or any scratch keymaps used by clients. The X server
or some other tool might destroy or replace the files in this directory,
so it is not a safe place to store compiled keymaps for long periods of
time. The default keymap for any server is usually stored in:
X<num>-default.xkm
where <num> is the display number of the server in question, which makes
it possible for several servers *on the same host* to share the same
directory.
Unless the X server is modified, sharing this directory between servers on
different hosts could cause problems.