CVE-2025-49180
Public on 2025-06-17
Modified on 2025-06-20
Description
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | tigervnc | 2025-07-10 | ALAS2-2025-2917 | Fixed |
| Amazon Linux 2023 | tigervnc | 2025-07-10 | ALAS2023-2025-1060 | Fixed |
| Amazon Linux 1 | xorg-x11-server | No Fix Planned | ||
| Amazon Linux 2 - Core | xorg-x11-server | 2025-07-10 | ALAS2-2025-2918 | Fixed |
| Amazon Linux 2023 | xorg-x11-server | 2025-07-10 | ALAS2023-2025-1061 | Fixed |
| Amazon Linux 2023 | xorg-x11-server-Xwayland | 2025-07-10 | ALAS2023-2025-1062 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |