cvedb.io
CVE-2025-26599
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-02-25T16:15:39.163 · Last modified 2026-06-29T21:16:34.477

Summary

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Affected products

tigervnc — tigervnc

Does this affect you?

Add your gear to cvedb and we'll alert you only when tigervnc ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.