CVE-2025-49180
Public on 2025-06-17
Modified on 2025-06-20
Description
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Severity
See what this means
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 2 - Core | tigervnc | Pending Fix | ||
Amazon Linux 2023 | tigervnc | Pending Fix | ||
Amazon Linux 1 | xorg-x11-server | No Fix Planned | ||
Amazon Linux 2 - Core | xorg-x11-server | Pending Fix | ||
Amazon Linux 2023 | xorg-x11-server | Pending Fix | ||
Amazon Linux 2023 | xorg-x11-server-Xwayland | Pending Fix |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |