Fluid Attacks Database

Description

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel10	xorg-x11-server-Xwayland	<0:24.1.5-6.el10_1 \|\| >=0:24.1.9, <0:24.1.9-4.el10_2	0:24.1.9-4.el10_2
rpm rhel6	tigervnc	-	-
rpm rhel9	xorg-x11-server-Xwayland	<0:23.2.7-6.el9_7 \|\| >=0:24.1.9, <0:24.1.9-4.el9_8	0:24.1.9-4.el9_8
rpm rhel7	tigervnc	-	-
rpm rhel8	tigervnc	<0:1.15.0-9.el8_10	0:1.15.0-9.el8_10
rpm rhel9	tigervnc	<0:1.15.0-7.el9_8.1	0:1.15.0-7.el9_8.1
rpm rhel9	xorg-x11-server	<0:1.20.11-34.el9_8	0:1.20.11-34.el9_8
debian 14	xwayland	=2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1 \|\| >=0 <2:24.1.10-1	2:24.1.10-1
debian 12	xwayland	=2:22.1.9-1 \|\| =2:23.1.0-1 \|\| =2:23.1.1-1 \|\| =2:23.2.0-1 \|\| =2:23.2.1-1 \|\| =2:23.2.2-1 \|\| =2:23.2.3-1 \|\| =2:23.2.4-1 \|\| =2:23.2.6-1 \|\| =2:24.0.99.901-1 \|\| =2:24.1.0-1 \|\| =2:24.1.10-1 \|\| =2:24.1.11-1 \|\| =2:24.1.2-1 \|\| =2:24.1.3-1 \|\| =2:24.1.4-1 \|\| =2:24.1.4-2 \|\| =2:24.1.4-3 \|\| =2:24.1.5-1 \|\| =2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1	-
rpm rhel8	xorg-x11-server	<0:1.20.11-28.el8_10	0:1.20.11-28.el8_10

1-10 of 27

Aliases

1. CVE-2026-339992. NVD-2026-339993. OSV-2026-339994. OSV-DEBIAN-2026-339995. SECURITY-TRACKER-CVE-2026-33999

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.