CVE-2025-49180

Name: CVE-2025-49180
Description: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate its input. The arithmetic that computes the total size to allocate for the property data can therefore overflow an integer.
Source: CVE
References: DLA-4230-1, DSA-5947-1
Debian Bugs: 1108369
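The overflow class named in the description, as an added worked example. This is an illustrative model written for this page, not the xorg-server source: the DemoProp record, the demo_* function names and the constructed sample bytes are assumptions, and the guard shown (refuse when the element count exceeds INT_MAX divided by the element width) is the standard check for this bug class rather than a line-for-line copy of the linked commits. The unchecked variant only computes the size; it deliberately never allocates or copies.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* X protocol status codes, used here for readability. */
#define Success  0
#define BadValue 2
#define BadAlloc 11

/* Minimal stand-in for a server-side property record (assumed shape, not
 * the xserver's own structure). */
typedef struct {
    unsigned char *data;  /* stored payload */
    int size;             /* elements currently stored */
    int format;           /* bits per element: 8, 16 or 32 */
} DemoProp;

/* Vulnerable shape: the element count (existing + appended) is multiplied by
 * the element width and stored in an int with no range check. When the
 * product does not fit, the value wraps or truncates and the buffer that
 * would be allocated from it is far smaller than the bytes later copied in.
 * This function only returns the computed size so it is safe to call. */
int demo_total_size_unchecked(int existing, unsigned long len, int format)
{
    int size_in_bytes = format / 8;
    unsigned long total_len = (unsigned long)existing + len;
    int total_size = (int)(total_len * (unsigned long)size_in_bytes);
    return total_size;  /* e.g. 2^30 elements of 32 bits yields 0 */
}

/* Hardened shape: validate the format, then reject before either the sum or
 * the product can leave the range of int. */
int demo_total_size_checked(int existing, unsigned long len, int format, int *out)
{
    int size_in_bytes;
    unsigned long total_len;

    if (format != 8 && format != 16 && format != 32)
        return BadValue;
    size_in_bytes = format / 8;
    if (existing < 0 || len > (unsigned long)INT_MAX - (unsigned long)existing)
        return BadValue;  /* the sum itself would overflow int */
    total_len = (unsigned long)existing + len;
    if (total_len > (unsigned long)(INT_MAX / size_in_bytes))
        return BadValue;  /* the product would overflow int */
    *out = (int)(total_len * (unsigned long)size_in_bytes);
    return Success;
}

/* Append-mode property change built on the checked computation: the buffer
 * is sized from the validated product, so the copy cannot exceed it. */
int demo_change_prop_append(DemoProp *p, int format, unsigned long len,
                            const void *value)
{
    int total_size, rc;
    int size_in_bytes = format / 8;
    unsigned char *nd;

    if (p->size != 0 && p->format != format)
        return BadValue;  /* cannot mix element widths in one property */
    rc = demo_total_size_checked(p->size, len, format, &total_size);
    if (rc != Success)
        return rc;
    nd = realloc(p->data, total_size > 0 ? (size_t)total_size : 1);
    if (!nd)
        return BadAlloc;
    memcpy(nd + (size_t)p->size * (size_t)size_in_bytes, value,
           len * (size_t)size_in_bytes);
    p->data = nd;
    p->size = (int)((unsigned long)p->size + len);
    p->format = format;
    return Success;
}

int main(void)
{
    DemoProp p = { NULL, 0, 0 };
    static const unsigned char four[4] = { 'a', 'b', 'c', 'd' }; /* constructed sample */
    int sz = 0;

    /* 2^30 elements of 32 bits is 2^32 bytes, which an int cannot hold. */
    printf("unchecked size for 2^30 x 32-bit: %d\n",
           demo_total_size_unchecked(0, 0x40000000UL, 32));
    printf("checked rc: %d\n", demo_total_size_checked(0, 0x40000000UL, 32, &sz));
    printf("append 1 element rc=%d size=%d\n",
           demo_change_prop_append(&p, 32, 1, four), p.size);
    printf("append 2^30 elements rc=%d size=%d\n",
           demo_change_prop_append(&p, 32, 0x40000000UL, four), p.size);
    free(p.data);
    return 0;
}
```

The division-based bound is the point: checking `total_len * size_in_bytes` after the fact cannot work, because the wrapped value is already in range. The same guard applies whichever property-change path is reached, since the element count is attacker-supplied in the request.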

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                        Version                Status
xorg-server (PTS)   bullseye                       2:1.20.11-1+deb11u13   vulnerable
                    bullseye (security)            2:1.20.11-1+deb11u16   fixed
                    bookworm, bookworm (security)  2:21.1.7-3+deb12u10    fixed
                    trixie                         2:21.1.16-1.3          fixed
                    forky, sid                     2:21.1.18-2            fixed
xwayland (PTS)      bookworm                       2:22.1.9-1             vulnerable
                    trixie                         2:24.1.6-1             vulnerable
                    forky, sid                     2:24.1.8-1             fixed

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version          Urgency  Origin      Debian Bugs
xorg-server  source  bullseye    2:1.20.11-1+deb11u16            DLA-4230-1
xorg-server  source  bookworm    2:21.1.7-3+deb12u10             DSA-5947-1
xorg-server  source  (unstable)  2:21.1.16-1.2
xwayland     source  (unstable)  2:24.1.8-1                                  1108369

Notes

[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
