FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-24 13:09:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f4297478-fa62-11ef-b597-001fc69cd6dc	xorg server -- Multiple vulnerabilities The X.Org project reports: CVE-2025-26594: Use-after-free of the root cursor The root cursor is referenced in the xserver as a global variable. If a client manages to free the root cursor, the internal reference points to freed memory and causes a use-after-free. CVE-2025-26595: Buffer overflow in XkbVModMaskText() The code in XkbVModMaskText() allocates a fixed sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code however fails to check the bounds of the buffer correctly and would copy the data regardless of the size, which may lead to a buffer overflow. CVE-2025-26596: Heap overflow in XkbWriteKeySyms() The computation of the length in XkbSizeKeySyms() differs from what is actually written in XkbWriteKeySyms(), which may lead to a heap based buffer overflow. CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() If XkbChangeTypesOfKey() is called with 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If later, the same function is called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() The function GetBarrierDevice() searches for the pointer device based on its device id and returns the matching value, or supposedly NULL if no match was found. However the code will return the last element of the list if no matching device id was found which can lead to out of bounds memory access. CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without the validation of the window tree marked just before, which leaves the validate data partly initialized, and the use of an uninitialized pointer later. CVE-2025-26600: Use-after-free in PlayReleasedEvents() When a device is removed while still frozen, the events queued for that device remain while the device itself is freed and replaying the events will cause a use after free. CVE-2025-26601: Use-after-free in SyncInitTrigger() When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object. This can be used to cause a use after free when the alarm eventually triggers. Discovery 2025-02-25 Entry 2025-03-06 xorg-server xephyr xorg-vfbserver < 21.1.16,1 xorg-nextserver < 21.1.16,2 xwayland < 24.1.6 CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601 https://lists.x.org/archives/xorg-announce/2025-February/003584.html
141f2a22-a6a7-11ef-b282-0c9d92850f7a	xorg server -- _XkbSetCompatMap vulnerability The X.Org project reports: CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege escalation in _XkbSetCompatMap The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh). Discovery 2024-10-29 Entry 2024-11-19 xorg-server < 21.1.14,1 xwayland < 24.1.4,1 CVE-2024-9632 https://lists.x.org/archives/xorg-announce/2024-October/003545.html

VuXML ID

Description

f4297478-fa62-11ef-b597-001fc69cd6dc

xorg server -- Multiple vulnerabilities

The X.Org project reports:

CVE-2025-26594: Use-after-free of the root cursor
The root cursor is referenced in the xserver as a global variable. If a client manages to free the root cursor, the internal reference points to freed memory and causes a use-after-free.

CVE-2025-26595: Buffer overflow in XkbVModMaskText()
The code in XkbVModMaskText() allocates a fixed sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code however fails to check the bounds of the buffer correctly and would copy the data regardless of the size, which may lead to a buffer overflow.

CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
The computation of the length in XkbSizeKeySyms() differs from what is actually written in XkbWriteKeySyms(), which may lead to a heap based buffer overflow.

CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
If XkbChangeTypesOfKey() is called with 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If later, the same function is called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
The function GetBarrierDevice() searches for the pointer device based on its device id and returns the matching value, or supposedly NULL if no match was found. However the code will return the last element of the list if no matching device id was found which can lead to out of bounds memory access.

CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without the validation of the window tree marked just before, which leaves the validate data partly initialized, and the use of an uninitialized pointer later.

CVE-2025-26600: Use-after-free in PlayReleasedEvents()
When a device is removed while still frozen, the events queued for that device remain while the device itself is freed and replaying the events will cause a use after free.

CVE-2025-26601: Use-after-free in SyncInitTrigger()
When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object. This can be used to cause a use after free when the alarm eventually triggers.

Discovery 2025-02-25
Entry 2025-03-06
xorg-server
xephyr
xorg-vfbserver

< 21.1.16,1

xorg-nextserver

< 21.1.16,2

xwayland

< 24.1.6

CVE-2025-26594
CVE-2025-26595
CVE-2025-26596
CVE-2025-26597
CVE-2025-26598
CVE-2025-26599
CVE-2025-26600
CVE-2025-26601
https://lists.x.org/archives/xorg-announce/2025-February/003584.html

141f2a22-a6a7-11ef-b282-0c9d92850f7a

xorg server -- _XkbSetCompatMap vulnerability

The X.Org project reports:

CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).

Discovery 2024-10-29
Entry 2024-11-19
xorg-server

< 21.1.14,1

xwayland

< 24.1.4,1

CVE-2024-9632
https://lists.x.org/archives/xorg-announce/2024-October/003545.html