CVE-2025-49180

CWE-190 — Integer Overflow9 documents8 sources

Severity

7.8HIGH

EPSS

0.2%

top 63.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xwayland

Timeline

PublishedJun 17

Latest updateJun 18

Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5x.org/xwayland< 24.1.7

▶Debianxwayland< 2:24.1.8-1

▶Debianxorg-server< 2:1.20.11-1+deb11u16+3

🔴Vulnerability Details

GHSA

GHSA-gpcr-p5wh-5x85: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input↗2025-06-17

▶

CVEList

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension↗2025-06-17

▶

OSV

CVE-2025-49180: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input↗2025-06-17

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2025-06-18

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-06-17

▶

Red Hat

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension↗2025-06-17

▶

Microsoft

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension↗2025-06-10

▶

Debian

CVE-2025-49180: xorg-server - A flaw was found in the RandR extension, where the RRChangeProviderProperty func...↗2025

▶