Bug#1108369: xwayland: CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
Source: xwayland
Version: 2:24.1.6-1
Severity: normal
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerabilities were published for xwayland.
CVE-2025-49175[0]:
| A flaw was found in the X Rendering extension's handling of animated
| cursors. If a client provides no cursors, the server assumes at
| least one is present, leading to an out-of-bounds read and potential
| crash.
CVE-2025-49176[1]:
| A flaw was found in the Big Requests extension. The request length
| is multiplied by 4 before checking against the maximum allowed size,
| potentially causing an integer overflow and bypassing the size
| check.
CVE-2025-49177[2]:
| A flaw was found in the XFIXES extension. The
| XFixesSetClientDisconnectMode handler does not validate the request
| length, allowing a client to read unintended memory from previous
| requests.
CVE-2025-49178[3]:
| A flaw was found in the X server's request handling. Non-zero 'bytes
| to ignore' in a client's request can cause the server to skip
| processing another client's request, potentially leading to a denial
| of service.
CVE-2025-49179[4]:
| A flaw was found in the X Record extension. The
| RecordSanityCheckRegisterClients function does not check for an
| integer overflow when computing request length, which allows a
| client to bypass length checks.
CVE-2025-49180[5]:
| A flaw was found in the RandR extension, where the
| RRChangeProviderProperty function does not properly validate input.
| This issue leads to an integer overflow when computing the total
| size to allocate.
There is still the [6] change with the addition by Timo, which still
would be great to make it into trixie, in particular then we can start
not considering xwayland CVEs as well for tracking.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-49175
https://www.cve.org/CVERecord?id=CVE-2025-49175
[1] https://security-tracker.debian.org/tracker/CVE-2025-49176
https://www.cve.org/CVERecord?id=CVE-2025-49176
[2] https://security-tracker.debian.org/tracker/CVE-2025-49177
https://www.cve.org/CVERecord?id=CVE-2025-49177
[3] https://security-tracker.debian.org/tracker/CVE-2025-49178
https://www.cve.org/CVERecord?id=CVE-2025-49178
[4] https://security-tracker.debian.org/tracker/CVE-2025-49179
https://www.cve.org/CVERecord?id=CVE-2025-49179
[5] https://security-tracker.debian.org/tracker/CVE-2025-49180
https://www.cve.org/CVERecord?id=CVE-2025-49180
[6] https://salsa.debian.org/xorg-team/wayland/xwayland/-/commit/84145e011fb98fea74878e07335bd22e9bfed531
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
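
The descriptions of CVE-2025-49176 and CVE-2025-49180 above both come down to arithmetic that can wrap before a size check. The following is an added illustration of that bug class beside a hardened form; it is not code from this report or from the X server source, and the function names and the `MAX_REQUEST_BYTES` limit are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical byte limit for this example (not a value from the X server). */
#define MAX_REQUEST_BYTES (4u * 1024u * 1024u)

/* Flawed pattern: the length arrives in 4-byte units and is scaled in
 * 32-bit arithmetic before the comparison, so the product can wrap. */
bool length_ok_flawed(uint32_t len_units)
{
    uint32_t bytes = len_units * 4u;   /* wraps modulo 2^32 */
    return bytes <= MAX_REQUEST_BYTES;
}

/* Hardened form: compare in units, so nothing is multiplied before the check. */
bool length_ok_checked(uint32_t len_units)
{
    return len_units <= MAX_REQUEST_BYTES / 4u;
}

/* Allocation-size case: refuse when count * unit_bytes would not fit in
 * size_t, instead of letting a wrapped total reach the allocator. */
bool total_size_checked(size_t count, size_t unit_bytes, size_t *total)
{
    if (unit_bytes != 0 && count > SIZE_MAX / unit_bytes)
        return false;
    *total = count * unit_bytes;
    return true;
}

int main(void)
{
    uint32_t huge = 0x40000001u;       /* constructed input: 4 * huge wraps to 4 */
    size_t total = 0;

    printf("flawed  accepts huge length: %d\n", length_ok_flawed(huge));
    printf("checked accepts huge length: %d\n", length_ok_checked(huge));
    printf("size check passes for SIZE_MAX/2 items of 4 bytes: %d\n",
           total_size_checked(SIZE_MAX / 2, 4, &total));
    return 0;
}
```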