EUVD-2025-18511

CVE-2025-49180
Severity: HIGH (CVSS 3.1 base score 7.8)
Published: 2025-06-17

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Patch Released: Mar 31, 2026 - 21:13 (nvd) - Patch available
Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd) - EUVD-2025-18511
CVE Published: Jun 17, 2025 - 15:15 (nvd) - HIGH 7.8

Description (NVD)

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Analysis (AI)

CVE-2025-49180 is an integer overflow vulnerability in the RandR (Resize and Rotate) X11 extension's RRChangeProviderProperty function that fails to properly validate input parameters. This allows a local, unprivileged attacker to trigger memory allocation failures or heap corruption, potentially leading to privilege escalation or denial of service on X11-based systems. The vulnerability requires local access and low privileges to exploit, making it a significant risk for multi-user systems and shared computing environments.

Technical Context (AI)

The RandR extension is part of the X Window System (X11/Xorg) and provides display configuration capabilities including resolution changes and output property management. The RRChangeProviderProperty function processes provider property changes but fails to validate integer calculations when computing total memory allocation size. This is a classic CWE-190 (Integer Overflow or Wraparound) vulnerability where insufficient bounds checking allows an attacker to specify property values that, when multiplied by item counts or sizes, exceed integer limits and wrap to small values. This causes the allocation of insufficient memory, leading to heap buffer overflows when the actual data is written. Affected systems run X.Org Server or compatible implementations that include the RandR extension (standard on most Linux distributions and Unix variants with graphical displays).
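The size computation described above, as an added example that is not the X.Org Server source: an unchecked 32-bit multiply of item count by item size next to a form that validates the item width and bounds the count before multiplying. The function names, the PROP_MAX_BYTES cap and the sample count are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on a single property's size; an assumption for this sketch. */
#define PROP_MAX_BYTES ((size_t)INT32_MAX)

/* Unchecked pattern: 32-bit multiply of item count by item size wraps silently. */
uint32_t total_bytes_unchecked(uint8_t format_bits, uint32_t n_items)
{
    uint32_t item_bytes = format_bits / 8u;
    return n_items * item_bytes;            /* wraps modulo 2^32 */
}

/* Checked form: validate the item width, then bound the count by division
 * before multiplying. Returns 0 and stores the size, or -1 to reject. */
int total_bytes_checked(uint8_t format_bits, uint32_t n_items, size_t *out)
{
    size_t item_bytes;

    if (format_bits != 8 && format_bits != 16 && format_bits != 32)
        return -1;                          /* unknown item width */
    item_bytes = format_bits / 8u;
    if (n_items > PROP_MAX_BYTES / item_bytes)
        return -1;                          /* product would exceed the cap */
    *out = (size_t)n_items * item_bytes;
    return 0;
}

int main(void)
{
    size_t sz = 0;
    uint32_t n = 0x40000001u;               /* constructed sample count */

    printf("unchecked: %u items -> %u bytes\n",
           (unsigned)n, (unsigned)total_bytes_unchecked(32, n));
    printf("checked:   %s\n",
           total_bytes_checked(32, n, &sz) ? "rejected" : "accepted");
    if (total_bytes_checked(16, 10, &sz) == 0)
        printf("checked:   10 items of 16 bits -> %zu bytes\n", sz);
    return 0;
}
```

The unchecked result for the sample count is far smaller than the data the request claims to carry, which is the undersized-allocation condition the paragraph describes; the checked form rejects the request before any allocation takes place.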

Remediation (AI)

Apply security updates from your distribution:

(1) Linux distributions should update the xorg-server package to patched versions released by their respective security teams.
(2) Check vendor advisories from Red Hat, Canonical, SUSE, Debian, and Fedora for specific patched versions.
(3) For systems that cannot be immediately patched, restrict access to the X11 display/socket to trusted users only via file permissions and xhost controls.
(4) Disable the RandR extension if not required by setting 'Option "RandR" "off"' in xorg.conf, though this limits display management capabilities.
(5) Run untrusted applications in containerized/virtualized environments with restricted access to display systems.
(6) Monitor system logs for suspicious property change requests.

Patches should be available from upstream X.Org Server and backported to all active distribution branches within days of CVE announcement.

Vendor Status

Ubuntu

Priority: Medium
xorg-server
Release Status Version
jammy released 2:21.1.4-2ubuntu1.7~22.04.15
noble released 2:21.1.12-1ubuntu1.4
oracular released 2:21.1.13-2ubuntu1.4
plucky released 2:21.1.16-1ubuntu1.1
trusty needs-triage -
upstream released 21.1.17
bionic released 2:1.19.6-1ubuntu4.15+esm13
focal released 2:1.20.13-1ubuntu1~20.04.20+esm1
xenial released 2:1.18.4-0ubuntu0.12+esm18
questing released 2:21.1.18-1ubuntu1
xwayland
Release Status Version
jammy released 2:22.1.1-1ubuntu0.19
noble released 2:23.2.6-1ubuntu0.6
oracular released 2:24.1.2-1ubuntu0.6
plucky released 2:24.1.6-1ubuntu0.1
upstream released 24.1.7
questing released 2:24.1.6-1ubuntu1
xorg
Release Status Version
xenial not-affected code not present
bionic not-affected code not present
focal not-affected code not present
jammy not-affected code not present
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
upstream not-affected -
questing not-affected code not present
xorg-server-hwe-16.04
Release Status Version
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
xenial released 2:1.19.6-1ubuntu4.1~16.04.6+esm10
questing DNE -
xorg-server-hwe-18.04
Release Status Version
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
bionic released 2:1.20.8-2ubuntu2.2~18.04.11+esm5
questing DNE -
xorg-hwe-16.04
Release Status Version
xenial not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -
xorg-hwe-18.04
Release Status Version
bionic not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -

Debian

Bug #1108369
xorg-server
Release Status Fixed Version Urgency
bullseye fixed 2:1.20.11-1+deb11u16 -
bullseye (security) fixed 2:1.20.11-1+deb11u17 -
bookworm, bookworm (security) fixed 2:21.1.7-3+deb12u11 -
trixie (security), trixie fixed 2:21.1.16-1.3+deb13u1 -
forky, sid fixed 2:21.1.21-1 -
bookworm fixed 2:21.1.7-3+deb12u10 -
(unstable) fixed 2:21.1.16-1.2 -
xwayland
Release Status Fixed Version Urgency
bookworm vulnerable 2:22.1.9-1 -
trixie vulnerable 2:24.1.6-1 -
forky, sid fixed 2:24.1.9-1 -
(unstable) fixed 2:24.1.8-1 -
