CVE-2025-49180

7.8 HIGH
Published: June 17, 2025 Modified: December 09, 2025
View on NVD

Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:10258
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10342
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10343
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10344
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10346
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10347
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10348
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10349
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10350
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10351
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10352
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10355
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10356
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10360
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10370
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10374
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10375
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10376
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10377
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10378
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10381
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:10410
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9303
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9304
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9305
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9306
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9392
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:9964
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2025-49180
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2369981
Source: secalert@redhat.com
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
Source: secalert@redhat.com
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
0.0%
8th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-190

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A