CVE-2025-49180 HIGH

CVE-2025-49180: Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in X Resize, Rotate and Reflect (RandR) extension

Vendor X.org
Product xwayland
Weakness CWE-190
Published June 17, 2025
Last update December 11, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Key dates

02 Disclosure timeline

June 17, 2025 CVE published
December 11, 2025 Record updated