2369981 – (CVE-2025-49180) CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

Bug 2369981 (CVE-2025-49180) - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

Summary: CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer O...

Keywords:
Status:	NEW
Alias:	CVE-2025-49180
Deadline:	2025-06-17
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-03 10:17 UTC by OSIDB Bzimport
Modified:	2025-06-23 14:05 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:9303	None	None	None	2025-06-23 02:50:57 UTC
Red Hat Product Errata	RHSA-2025:9304	None	None	None	2025-06-23 01:27:38 UTC
Red Hat Product Errata	RHSA-2025:9305	None	None	None	2025-06-23 02:36:11 UTC
Red Hat Product Errata	RHSA-2025:9306	None	None	None	2025-06-23 01:58:32 UTC
Red Hat Product Errata	RHSA-2025:9392	None	None	None	2025-06-23 14:05:29 UTC

Description OSIDB Bzimport 2025-06-03 10:17:59 UTC

Integer Overflow vulnerability in the RandR extension's RRChangeProviderProperty function. Improper validation allows clients to cause integer overflows during memory allocation calculations, potentially leading to memory corruption.

Comment 4 errata-xmlrpc 2025-06-23 01:27:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:9304 https://access.redhat.com/errata/RHSA-2025:9304

Comment 5 errata-xmlrpc 2025-06-23 01:58:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:9306 https://access.redhat.com/errata/RHSA-2025:9306

Comment 6 errata-xmlrpc 2025-06-23 02:36:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:9305 https://access.redhat.com/errata/RHSA-2025:9305

Comment 7 errata-xmlrpc 2025-06-23 02:50:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:9303 https://access.redhat.com/errata/RHSA-2025:9303

Comment 8 errata-xmlrpc 2025-06-23 14:05:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:9392 https://access.redhat.com/errata/RHSA-2025:9392

Note You need to log in before you can comment on or make changes to this bug.