CVE Catalog

CVE-2026-34000

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Summary

A flaw was found in the X.Org X server that allows for out-of-bounds memory read in XKB geometry processing. An attacker can exploit this vulnerability to read uninitialized memory or out-of-bounds memory, potentially leading to memory disclosure or server crashes.

Risk Assessment

This vulnerability poses a risk of sensitive data disclosure or disruption of the X11 server's operation, which could affect service availability within the organization.

Recommendation

It is recommended to update the X.Org X server to the latest version to mitigate this vulnerability and to monitor server logs for potential attack attempts.

Original NVD description (English source)

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS