FKIE_CVE-2025-49180

Vulnerability from fkie_nvd - Published: 2025-06-17 15:15 - Updated: 2025-12-09 23:15
Summary
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
References
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10258
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10342
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10343
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10344
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10346
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10347
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10348
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10349
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10350
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10351
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10352
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10355
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10356
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10360
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10370
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10374
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10375
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10376
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10377
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10378
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10381
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:10410
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9303
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9304
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9305
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9306
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9392
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:9964
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2025-49180
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2369981
secalert@redhat.com https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en la extensi\u00f3n RandR, donde la funci\u00f3n RRChangeProviderProperty no valida correctamente la entrada. Este problema provoca un desbordamiento de enteros al calcular el tama\u00f1o total a asignar."
    }
  ],
  "id": "CVE-2025-49180",
  "lastModified": "2025-12-09T23:15:49.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-17T15:15:46.183",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10258"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10342"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10343"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10344"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10346"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10347"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10348"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10349"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10350"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10351"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10352"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10355"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10356"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10370"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10374"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10375"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10376"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10377"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10381"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:10410"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9303"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9304"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9305"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9392"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9964"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

