CVE-2025-49176Integer Overflow or Wraparound in Xwayland

CWE-190Integer Overflow or Wraparound11 documents8 sources
Severity
7.3HIGHNVD
EPSS
0.2%
top 55.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
X.org XwaylandX.org Xorg-server
Timeline
PublishedJun 17
Latest updateJul 8

Description

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:HExploitability: 1.8 | Impact: 5.5

Affected Packages3 packages

CVEListV5x.org/xwayland< 24.1.7
Debianx.org/xwayland< 2:24.1.8-1
Debianx.org/xorg-server< 2:1.20.11-1+deb11u16+3

🔴Vulnerability Details

5
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2025-07-08
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities2025-07-08
CVEList
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension2025-06-17
GHSA
GHSA-c5wx-c74v-9c3g: A flaw was found in the Big Requests extension2025-06-17
OSV
CVE-2025-49176: A flaw was found in the Big Requests extension2025-06-17

📋Vendor Advisories

5
Ubuntu
X.Org X Server vulnerabilities2025-06-18
Ubuntu
X.Org X Server vulnerabilities2025-06-17
Red Hat
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension2025-06-17
Microsoft
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension2025-06-10
Debian
CVE-2025-49176: xorg-server - A flaw was found in the Big Requests extension. The request length is multiplied...2025
CVE-2025-49176 — Integer Overflow or Wraparound | cvebase