vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-49180): X.Org X Server vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Jun 17, 2025	Jun 18, 2025	Apr 16, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 17, 2025

Added

Jun 18, 2025

Modified

Apr 16, 2026

Description

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Solutions

ubuntu-pro-upgrade-xserver-xorg-coreubuntu-pro-upgrade-xserver-xorg-core-hwe-16-04ubuntu-pro-upgrade-xserver-xorg-core-hwe-18-04ubuntu-pro-upgrade-xwaylandubuntu-pro-upgrade-xwayland-hwe-16-04ubuntu-pro-upgrade-xwayland-hwe-18-04ubuntu-upgrade-xserver-xorg-coreubuntu-upgrade-xwayland

References

CVE-2025-49180
https://attackerkb.com/topics/CVE-2025-49180
CWE-190
EUVD-EUVD-2025-18511
UBUNTU-USN-7573-1
UBUNTU-USN-7573-2
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-18511
https://ubuntu.com/security/notices/USN-7573-1
https://www.cve.org/CVERecord?id=CVE-2025-49180

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report