Fluid Attacks Database

Description

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom() and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel9	tigervnc	<0:1.15.0-7.el9_8.1	0:1.15.0-7.el9_8.1
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u10 \|\| =2:1.20.11-1+deb11u11 \|\| =2:1.20.11-1+deb11u12 \|\| =2:1.20.11-1+deb11u13 \|\| =2:1.20.11-1+deb11u14 \|\| =2:1.20.11-1+deb11u15 \|\| =2:1.20.11-1+deb11u16 \|\| =2:1.20.11-1+deb11u17 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| =2:1.20.11-1+deb11u4 \|\| =2:1.20.11-1+deb11u5 \|\| =2:1.20.11-1+deb11u6 \|\| =2:1.20.11-1+deb11u7 \|\| =2:1.20.11-1+deb11u8 \|\| =2:1.20.11-1+deb11u9 \|\| =2:1.20.13-1 \|\| =2:1.20.13-2 \|\| =2:1.20.13-3 \|\| =2:1.20.14-1 \|\| =2:21.1.1-1 \|\| =2:21.1.1-2 \|\| =2:21.1.10-1 \|\| =2:21.1.11-1 \|\| =2:21.1.11-2 \|\| =2:21.1.11-3 \|\| =2:21.1.12-1 \|\| =2:21.1.13-1 \|\| =2:21.1.13-2 \|\| =2:21.1.13-3 \|\| =2:21.1.13-3.1 \|\| =2:21.1.14-1 \|\| =2:21.1.14-2 \|\| =2:21.1.15-1 \|\| =2:21.1.15-2 \|\| =2:21.1.15-3 \|\| =2:21.1.16-1 \|\| =2:21.1.16-1.1 \|\| =2:21.1.16-1.2 \|\| =2:21.1.16-1.3 \|\| =2:21.1.18-1 \|\| =2:21.1.18-2 \|\| =2:21.1.20-1 \|\| =2:21.1.21-1 \|\| =2:21.1.22-1 \|\| =2:21.1.3-1 \|\| =2:21.1.3-2 \|\| =2:21.1.4-1 \|\| =2:21.1.4-2 \|\| =2:21.1.4-3 \|\| =2:21.1.5-1 \|\| =2:21.1.6-1 \|\| =2:21.1.7-1 \|\| =2:21.1.7-2 \|\| =2:21.1.7-3 \|\| =2:21.1.8-1 \|\| =2:21.1.9-1 \|\| =2:21.1.9-1+hurd.1	-
rpm rhel7	tigervnc	-	-
rpm rhel9	xorg-x11-server-Xwayland	-	-
rpm rhel6	xorg-x11-server	-	-
debian 14	xwayland	=2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1 \|\| >=0 <2:24.1.10-1	2:24.1.10-1
debian 12	xwayland	=2:22.1.9-1 \|\| =2:23.1.0-1 \|\| =2:23.1.1-1 \|\| =2:23.2.0-1 \|\| =2:23.2.1-1 \|\| =2:23.2.2-1 \|\| =2:23.2.3-1 \|\| =2:23.2.4-1 \|\| =2:23.2.6-1 \|\| =2:24.0.99.901-1 \|\| =2:24.1.0-1 \|\| =2:24.1.10-1 \|\| =2:24.1.11-1 \|\| =2:24.1.2-1 \|\| =2:24.1.3-1 \|\| =2:24.1.4-1 \|\| =2:24.1.4-2 \|\| =2:24.1.4-3 \|\| =2:24.1.5-1 \|\| =2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1	-
debian 13	xwayland	=2:24.1.10-1 \|\| =2:24.1.11-1 \|\| =2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1	-
debian 12	xorg-server	=2:21.1.7-3 \|\| =2:21.1.7-3+deb12u1 \|\| =2:21.1.7-3+deb12u10 \|\| =2:21.1.7-3+deb12u11 \|\| =2:21.1.7-3+deb12u2 \|\| =2:21.1.7-3+deb12u3 \|\| =2:21.1.7-3+deb12u4 \|\| =2:21.1.7-3+deb12u5 \|\| =2:21.1.7-3+deb12u6 \|\| =2:21.1.7-3+deb12u7 \|\| =2:21.1.7-3+deb12u8 \|\| =2:21.1.7-3+deb12u9 \|\| >=0 <2:21.1.7-3+deb12u12	2:21.1.7-3+deb12u12
debian 13	xorg-server	=2:21.1.16-1.3 \|\| =2:21.1.16-1.3+deb13u1 \|\| >=0 <2:21.1.16-1.3+deb13u2	2:21.1.16-1.3+deb13u2

1-10 of 27

Aliases

1. CVE-2026-340002. NVD-2026-340003. OSV-2026-340004. OSV-DEBIAN-2026-340005. SECURITY-TRACKER-CVE-2026-34000

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.