
CVE-2025-49180: xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in X Resize, Rotate and Reflect (RandR) extension

Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate its input. As a result, computing the total size to allocate can overflow an integer.

Classification

CVE ID: CVE-2025-49180

Problem Types

Integer Overflow or Wraparound

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (estimated probability of exploitation in the wild)

EPSS Percentile: 1.4% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-23 (date the score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-49180
https://access.redhat.com/security/cve/CVE-2025-49180
https://bugzilla.redhat.com/show_bug.cgi?id=2369981