Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-49176

HIGH7.3

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

Published Jun 17, 2025

Modified 1 months ago

No fix available

Details

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

References

WEBhttp://www.openwall.com/lists/oss-security/2025/06/18/2 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10258 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10342 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10343 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10344 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10346 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10347 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10348 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10349 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10350 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10351 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10352 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10355 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10356 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10360 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10370 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10374 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10375 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10376 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10377 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10378 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10381 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:10410 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9303 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9304 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9305 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9306 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9392 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:9964 WEBhttps://access.redhat.com/security/cve/CVE-2025-49176 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2369954 WEBhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9 WEBhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1 WEBhttps://lists.debian.org/debian-lts-announce/2025/06/msg00028.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-49176 WEBhttps://www.x.org/wiki/Development/Security/

CVSS Analysis

CVSS v3.1

7.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

HighI:H

Availability

HighA:H

7.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJun 17, 2025

ModifiedDec 11, 2025

CVE-2025-49176 | Mondoo Vulnerability Intelligence