DEBIAN-CVE-2025-49180

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-49180

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-49180

Upstream

CVE-2025-49180

Published

2025-06-17T15:15:46.183Z

Modified

2025-11-20T10:18:23.552243Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

References

https://security-tracker.debian.org/tracker/CVE-2025-49180

Affected packages

Debian:11

xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:1.20.11-1+deb11u16

Affected versions

2:1.*

2:1.20.11-1

2:1.20.11-1+deb11u1

2:1.20.11-1+deb11u2

2:1.20.11-1+deb11u3

2:1.20.11-1+deb11u4

2:1.20.11-1+deb11u5

2:1.20.11-1+deb11u6

2:1.20.11-1+deb11u7

2:1.20.11-1+deb11u8

2:1.20.11-1+deb11u9

2:1.20.11-1+deb11u10

2:1.20.11-1+deb11u11

2:1.20.11-1+deb11u12

2:1.20.11-1+deb11u13

2:1.20.11-1+deb11u14

2:1.20.11-1+deb11u15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

Debian:12

xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.7-3+deb12u10

Affected versions

2:21.*

2:21.1.7-3

2:21.1.7-3+deb12u1

2:21.1.7-3+deb12u2

2:21.1.7-3+deb12u3

2:21.1.7-3+deb12u4

2:21.1.7-3+deb12u5

2:21.1.7-3+deb12u6

2:21.1.7-3+deb12u7

2:21.1.7-3+deb12u8

2:21.1.7-3+deb12u9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

xwayland

Package

Name: xwayland
Purl: pkg:deb/debian/xwayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:22.*

2:22.1.9-1

2:23.*

2:23.1.0-1

2:23.1.1-1

2:23.2.0-1

2:23.2.1-1

2:23.2.2-1

2:23.2.3-1

2:23.2.4-1

2:23.2.6-1

2:24.*

2:24.0.99.901-1

2:24.1.0-1

2:24.1.2-1

2:24.1.3-1

2:24.1.4-1

2:24.1.4-2

2:24.1.4-3

2:24.1.5-1

2:24.1.6-1

2:24.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

Debian:13

xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.16-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

xwayland

Package

Name: xwayland
Purl: pkg:deb/debian/xwayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:24.*

2:24.1.6-1

2:24.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

Debian:14

xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.16-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"

xwayland

Package

Name: xwayland
Purl: pkg:deb/debian/xwayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:24.1.8-1

Affected versions

2:24.*

2:24.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-49180.json"