CVE-2025-49180
HIGH7.8EPSS 0.15%Published: 6/17/2025Modified: 4/28/2026
Description
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Affected packages (2)
- Debian/xorg-serverfrom 0, < 2:1.20.11-1+deb11u16
- Debian/xwaylandfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |