FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-09-12 16:46:14 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 8df49466-5664-11f0-943a-18c04d5ea3dc
Description: xorg server -- Multiple vulnerabilities

The X.Org project reports:

  • CVE-2025-49176: Integer overflow in Big Requests Extension

    The Big Requests extension allows requests larger than the 16-bit length limit. It uses integers for the request length and checks for the size not to exceed the maxBigRequestSize limit, but does so after translating the length to integer by multiplying the given size in bytes by 4. In doing so, it might overflow the integer size limit before actually checking for the overflow, defeating the purpose of the test.


Discovery: 2025-06-17
Entry: 2025-07-01

Affected packages:
  xorg-server, xephyr, xorg-vfbserver < 21.1.18,1
  xorg-nextserver < 21.1.18,2
  xwayland < 24.1.8,1

References:
  CVE-2025-49176
  https://lists.x.org/archives/xorg/2025-June/062055.html

VuXML ID: b14cabf7-5663-11f0-943a-18c04d5ea3dc
Description: xorg server -- Multiple vulnerabilities

The X.Org project reports:

  • CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors)

    The X Rendering extension allows creating animated cursors providing a list of cursors. By default, the Xserver assumes at least one cursor is provided while a client may actually pass no cursor at all, which causes an out-of-bound read creating the animated cursor and a crash of the Xserver.

  • CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)

    The handler of XFixesSetClientDisconnectMode does not check the client request length. A client could send a shorter request and read data from a former request.

  • CVE-2025-49178: Unprocessed client request via bytes to ignore

    When reading requests from the clients, the input buffer might be shared and used between different clients. If a given client sends a full request with non-zero bytes to ignore, the bytes to ignore may still be non-zero even though the request is full, in which case the buffer could be shared with another client whose request will not be processed because of those bytes to ignore, leading to a possible hang of the other client request.

  • CVE-2025-49179: Integer overflow in X Record extension

    The RecordSanityCheckRegisterClients() function in the X Record extension implementation of the Xserver checks for the request length, but does not check for integer overflow. A client might send a very large value for either the number of clients or the number of protocol ranges that will cause an integer overflow in the request length computation, defeating the check for request length.

  • CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty)

    A client might send a request causing an integer overflow when computing the total size to allocate in RRChangeProviderProperty().


Discovery: 2025-06-17
Entry: 2025-07-01

Affected packages:
  xorg-server, xephyr, xorg-vfbserver < 21.1.17,1
  xorg-nextserver < 21.1.17,2
  xwayland < 24.1.7,1

References:
  CVE-2025-49175
  CVE-2025-49177
  CVE-2025-49178
  CVE-2025-49179
  CVE-2025-49180
  https://lists.x.org/archives/xorg/2025-June/062055.html