X.org Xwayland
10 CVEs affecting X.org Xwayland. Latest disclosed: 2025-10-30. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49180 | High | 7.8 | 2025-06-17 | A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow… |
CVE-2025-26597 | High | 7.8 | 2025-02-25 | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave… |
CVE-2025-62229 | High | 7.3 | 2025-10-30 | A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation c… |
CVE-2025-62230 | High | 7.3 | 2025-10-30 | A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures with… |
CVE-2025-62231 | High | 7.3 | 2025-10-30 | A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned… |
CVE-2025-49179 | High | 7.3 | 2025-06-17 | A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length… |
CVE-2025-49176 | High | 7.3 | 2025-06-17 | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an… |
CVE-2025-49177 | Medium | 6.1 | 2025-06-17 | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended… |
CVE-2025-49175 | Medium | 6.1 | 2025-06-17 | A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, lead… |
CVE-2025-49178 | Medium | 5.5 | 2025-06-17 | A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's… |