CVE-2025-49180
published 2025-06-17CVE-2025-49180: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:21.1.7-3+deb12u10 (bookworm) | xorg-server 2:21.1.7-3+deb12u10 (bookworm) |
| debian | xwayland | < xorg-server 2:21.1.7-3+deb12u10 (bookworm) | xorg-server 2:21.1.7-3+deb12u10 (bookworm) |
| msrc | azl3_wayland_1.22.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_xorg-x11-server-xwayland_24.1.6-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_xorg-x11-server_1.20.10-16_on_cbl_mariner_2.0 | — | — |
| x.org | xorg-server | >= 0 < 2:1.20.11-1+deb11u16 | 2:1.20.11-1+deb11u16 |
| x.org | xorg-server | >= 0 < 2:21.1.7-3+deb12u10 | 2:21.1.7-3+deb12u10 |
| x.org | xorg-server | >= 0 < 2:21.1.16-1.2 | 2:21.1.16-1.2 |
| x.org | xorg-server | >= 0 < 2:21.1.16-1.2 | 2:21.1.16-1.2 |
| x.org | xwayland | < 24.1.7 | 24.1.7 |
| x.org | xwayland | >= 0 < 2:24.1.8-1 | 2:24.1.8-1 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH