CVE-2025-49180

Name: CVE-2025-49180
Description: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4230-1, DSA-5947-1
Debian Bugs: 1108369

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     | Release              | Version                | Status
xorg-server (PTS)  | bullseye             | 2:1.20.11-1+deb11u13   | vulnerable
                   | bullseye (security)  | 2:1.20.11-1+deb11u16   | fixed
                   | bookworm             | 2:21.1.7-3+deb12u9     | vulnerable
                   | bookworm (security)  | 2:21.1.7-3+deb12u10    | fixed
                   | trixie, sid          | 2:21.1.16-1.3          | fixed
xwayland (PTS)     | bookworm             | 2:22.1.9-1             | vulnerable
                   | trixie, sid          | 2:24.1.6-1             | vulnerable

The information below is based on the following data on fixed versions.

Package      | Type   | Release     | Fixed Version          | Urgency | Origin     | Debian Bugs
xorg-server  | source | bullseye    | 2:1.20.11-1+deb11u16   |         | DLA-4230-1 |
xorg-server  | source | bookworm    | 2:21.1.7-3+deb12u10    |         | DSA-5947-1 |
xorg-server  | source | (unstable)  | 2:21.1.16-1.2          |         |            |
xwayland     | source | (unstable)  | (unfixed)              |         |            | 1108369

Notes

[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
