Description
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Report
This flaw is rated as important severity because it exists in the RandR extension of the X.Org X server, within the RRChangeProviderProperty function, which fails to validate input lengths properly. This leads to an integer overflow when calculating the total memory size required for allocation. As a result, subsequent memory operations may write outside the bounds of the allocated buffer, potentially causing memory corruption, application crashes, or arbitrary code execution under certain conditions.
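The page does not show the affected code, so the following is an added example, not the X.Org source: a simplified model of how a property-change size computation wraps in 32-bit arithmetic, next to a checked version that rejects the request. The function names, the `prop_mode` enum and the format/unit-count parameters are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified request model; these identifiers are assumptions
 * for illustration, not the X server's own names. */
enum prop_mode { MODE_REPLACE, MODE_APPEND };

/* Unvalidated shape: 32-bit arithmetic, so the result wraps modulo 2^32. */
uint32_t total_bytes_unchecked(uint32_t existing_units, uint32_t new_units,
                               uint32_t format_bits, enum prop_mode mode)
{
    uint32_t unit_size = format_bits / 8;
    uint32_t total_units = (mode == MODE_REPLACE) ? new_units
                                                  : existing_units + new_units;
    return total_units * unit_size; /* may be far smaller than the real need */
}

/* Checked shape: validate the format, then test each step before doing it. */
bool total_bytes_checked(uint32_t existing_units, uint32_t new_units,
                         uint32_t format_bits, enum prop_mode mode,
                         uint32_t *out_bytes)
{
    if (format_bits != 8 && format_bits != 16 && format_bits != 32)
        return false;
    uint32_t unit_size = format_bits / 8;
    uint32_t total_units = new_units;
    if (mode != MODE_REPLACE) {
        if (existing_units > UINT32_MAX - new_units)
            return false; /* the addition would wrap */
        total_units = existing_units + new_units;
    }
    if (total_units > UINT32_MAX / unit_size)
        return false; /* the multiplication would wrap */
    *out_bytes = total_units * unit_size;
    return true;
}

int main(void)
{
    uint32_t n = 0x40000001u, out = 0; /* constructed sample value */
    printf("unchecked: %u bytes\n",
           (unsigned)total_bytes_unchecked(0, n, 32, MODE_REPLACE));
    printf("checked accepts: %d\n",
           (int)total_bytes_checked(0, n, 32, MODE_REPLACE, &out));
    return 0;
}
```

A buffer allocated from the unchecked result is sized for 4 bytes while the caller still believes it holds over a billion units, which is the out-of-bounds write condition the statement above describes.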
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | xorg-x11-server | Will not fix | | |
Red Hat Enterprise Linux 10 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:9304 | 23.06.2025 |
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | tigervnc | Fixed | RHSA-2025:10377 | 07.07.2025 |
Red Hat Enterprise Linux 7.7 Advanced Update Support | tigervnc | Fixed | RHSA-2025:10376 | 07.07.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | xorg-x11-server | Fixed | RHSA-2025:10360 | 07.07.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | tigervnc | Fixed | RHSA-2025:10375 | 07.07.2025 |
Red Hat Enterprise Linux 8 | xorg-x11-server | Fixed | RHSA-2025:9305 | 23.06.2025 |
Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:9305 | 23.06.2025 |
Red Hat Enterprise Linux 8 | tigervnc | Fixed | RHSA-2025:9392 | 23.06.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | tigervnc | Fixed | RHSA-2025:10378 | 07.07.2025 |
Additional information
Status:
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Vulnerability in the RRChangeProviderProperty() function of the Xorg-server X Window System server that allows an attacker to cause a denial of service