
CVE-2025-49176

Published: June 18, 2025
Last modified: June 25, 2025

Description

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
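The check ordering described above, shown as an added example that is not code from the X.Org server or from this advisory. It assumes the length is a 32-bit unsigned count of 4-byte units; the function names and the byte limit are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limit for this example, in bytes (not the server's value). */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed ordering: scale to bytes first, then compare.
 * In 32-bit unsigned arithmetic units * 4 wraps modulo 2^32, so a very
 * large unit count becomes a small byte count that passes the check. */
static bool length_ok_scaled_first(uint32_t units)
{
    uint32_t bytes = units * 4u;   /* may wrap */
    return bytes <= MAX_REQUEST_BYTES;
}

/* Hardened ordering: compare in the unscaled domain, so nothing can wrap
 * before the accept/reject decision is made. */
static bool length_ok_checked_first(uint32_t units)
{
    return units <= MAX_REQUEST_BYTES / 4u;
}

int main(void)
{
    /* Constructed sample lengths, in 4-byte units. */
    const uint32_t samples[] = { 16u, 0x00400000u, 0x00400001u, 0x40000001u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t u = samples[i];
        printf("units=0x%08x scaled_first=%s checked_first=%s\n",
               (unsigned)u,
               length_ok_scaled_first(u) ? "accept" : "reject",
               length_ok_checked_first(u) ? "accept" : "reject");
    }
    return 0;
}
```

The two checks agree on every length whose byte count fits in 32 bits and differ only on the wrapped value, which is the case the size check exists to reject.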

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 7.3 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |

Notes

Fixed by 21.1.17: https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
Followup 21.1.18: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1

Status

| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | xorg-server | Fixed (21.1.18-r0) |
| Alpaquita Linux | Stream | xorg-server | Fixed (21.1.18-r0) |

References
