CVE-2025-49177

Опубликовано: 17 июн. 2025

Источник: debian

EPSS Низкий

Описание

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xorg-server	fixed	2:21.1.16-1.2		package
xorg-server	not-affected		bullseye	package
xwayland	fixed	2:24.1.8-1		package
xwayland	ignored		trixie	package
xwayland	ignored		bookworm	package

Примечания

Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af

EPSS

Процентиль: 5%

0.00025

Низкий

Связанные уязвимости

CVE-2025-49177

CVSS3: 6.1

ubuntu

5 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2025-49177

CVSS3: 6.1

redhat

5 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2025-49177

CVSS3: 6.1

nvd

5 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2025-49177

CVSS3: 6.1

msrc

3 месяца назад

Описание отсутствует

GHSA-pw35-9xmg-v8xw

CVSS3: 5.5

github

5 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

EPSS

Процентиль: 5%

0.00025

Низкий