CVE-2025-49176

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

Description

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

INFO

Published Date :

2025-06-17T14:49:49.143Z

Last Modified :

2025-12-11T15:34:07.129Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-49176 vulnerability.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49176.

URL	Resource
http://www.openwall.com/lists/oss-security/2025/06/18/2
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:10342
https://access.redhat.com/errata/RHSA-2025:10343
https://access.redhat.com/errata/RHSA-2025:10344
https://access.redhat.com/errata/RHSA-2025:10346
https://access.redhat.com/errata/RHSA-2025:10347
https://access.redhat.com/errata/RHSA-2025:10348
https://access.redhat.com/errata/RHSA-2025:10349
https://access.redhat.com/errata/RHSA-2025:10350
https://access.redhat.com/errata/RHSA-2025:10351
https://access.redhat.com/errata/RHSA-2025:10352
https://access.redhat.com/errata/RHSA-2025:10355
https://access.redhat.com/errata/RHSA-2025:10356
https://access.redhat.com/errata/RHSA-2025:10360
https://access.redhat.com/errata/RHSA-2025:10370
https://access.redhat.com/errata/RHSA-2025:10374
https://access.redhat.com/errata/RHSA-2025:10375
https://access.redhat.com/errata/RHSA-2025:10376
https://access.redhat.com/errata/RHSA-2025:10377
https://access.redhat.com/errata/RHSA-2025:10378
https://access.redhat.com/errata/RHSA-2025:10381
https://access.redhat.com/errata/RHSA-2025:10410
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/security/cve/CVE-2025-49176
https://bugzilla.redhat.com/show_bug.cgi?id=2369954
https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2025-49176
https://www.cve.org/CVERecord?id=CVE-2025-49176
https://www.x.org/wiki/Development/Security/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact