{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49180", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-03T05:38:02.947Z", "datePublished": "2025-06-17T15:00:18.145Z", "dateUpdated": "2025-06-30T19:55:05.009Z"}, "containers": {"cna": {"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:24.1.5-4.el10_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-26.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:21.1.3-18.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.15.0-7.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.6-4.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-31.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:23.2.7-4.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.14.1-8.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9303", "name": "RHSA-2025:9303", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9304", "name": "RHSA-2025:9304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9305", "name": "RHSA-2025:9305", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9306", "name": "RHSA-2025:9306", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9392", "name": "RHSA-2025:9392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9964", "name": "RHSA-2025:9964", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49180", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981", "name": "RHBZ#2369981", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-06-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2025-06-03T10:14:53.357000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-30T19:55:05.009Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T15:36:37.255035Z", "id": "CVE-2025-49180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T15:36:48.643Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-17T15:36:37.255035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T15:36:41.758Z"}}], "cna": {"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:24.1.5-4.el10_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.20.11-26.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:21.1.3-18.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.15.0-7.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.20.11-31.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:23.2.7-4.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.14.1-8.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-03T10:14:53.357000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-06-17T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9303", "name": "RHSA-2025:9303", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9304", "name": "RHSA-2025:9304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9305", "name": "RHSA-2025:9305", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9306", "name": "RHSA-2025:9306", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9392", "name": "RHSA-2025:9392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49180", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981", "name": "RHBZ#2369981", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-30T08:31:17.278Z"}, "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"}}, "cveMetadata": {"cveId": "CVE-2025-49180", "state": "PUBLISHED", "dateUpdated": "2025-06-30T08:31:17.278Z", "dateReserved": "2025-06-03T05:38:02.947Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-17T15:00:18.145Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."}, {"lang": "es", "value": "Se detect\u00f3 una falla en la extensi\u00f3n RandR, donde la funci\u00f3n RRChangeProviderProperty no valida correctamente la entrada. Este problema provoca un desbordamiento de enteros al calcular el tama\u00f1o total a asignar."}], "id": "CVE-2025-49180", "lastModified": "2025-06-30T20:15:24.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-17T15:15:46.183", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9303"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9304"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9305"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9306"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9392"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9964"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-49180"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:9304", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "xorg-x11-server-Xwayland-0:24.1.5-4.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9305", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "xorg-x11-server-0:1.20.11-26.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9305", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "xorg-x11-server-Xwayland-0:21.1.3-18.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9392", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tigervnc-0:1.15.0-7.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9964", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "xorg-x11-server-0:1.20.6-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-30T00:00:00Z"}, {"advisory": "RHSA-2025:9303", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "xorg-x11-server-0:1.20.11-31.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9303", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "xorg-x11-server-Xwayland-0:23.2.7-4.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-23T00:00:00Z"}, {"advisory": "RHSA-2025:9306", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tigervnc-0:1.14.1-8.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-23T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension", "id": "2369981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.", "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-49180", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-49180\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49180"], "statement": "This flaw is rated as an important severity because this flaw exists in the RandR extension of the X.Org X server within the RRChangeProviderProperty function, which fails to validate input lengths properly, leads to an integer overflow when calculating the total memory size required for allocation. As a result, subsequent memory operations may write outside the bounds of the allocated buffer, potentially causing memory corruption, application crashes, or arbitrary code execution under certain conditions.", "threat_severity": "Important"}