CVE-2025-49180

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension

Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

INFO

Published Date :

2025-06-17T15:00:18.145Z

Last Modified :

2025-12-11T15:34:17.950Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-49180 vulnerability.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49180.

URL	Resource
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:10342
https://access.redhat.com/errata/RHSA-2025:10343
https://access.redhat.com/errata/RHSA-2025:10344
https://access.redhat.com/errata/RHSA-2025:10346
https://access.redhat.com/errata/RHSA-2025:10347
https://access.redhat.com/errata/RHSA-2025:10348
https://access.redhat.com/errata/RHSA-2025:10349
https://access.redhat.com/errata/RHSA-2025:10350
https://access.redhat.com/errata/RHSA-2025:10351
https://access.redhat.com/errata/RHSA-2025:10352
https://access.redhat.com/errata/RHSA-2025:10355
https://access.redhat.com/errata/RHSA-2025:10356
https://access.redhat.com/errata/RHSA-2025:10360
https://access.redhat.com/errata/RHSA-2025:10370
https://access.redhat.com/errata/RHSA-2025:10374
https://access.redhat.com/errata/RHSA-2025:10375
https://access.redhat.com/errata/RHSA-2025:10376
https://access.redhat.com/errata/RHSA-2025:10377
https://access.redhat.com/errata/RHSA-2025:10378
https://access.redhat.com/errata/RHSA-2025:10381
https://access.redhat.com/errata/RHSA-2025:10410
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/security/cve/CVE-2025-49180
https://bugzilla.redhat.com/show_bug.cgi?id=2369981
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2025-49180
https://www.cve.org/CVERecord?id=CVE-2025-49180

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact