CVE-2025-62229

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62229.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-416"
    ]
}

References

Affected packages

Git / gitlab.freedesktop.org/xorg/xserver

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/xorg/xserver

Events

Introduced

2ea973e12f5d954211e1d10085a4c74581b43aca

Fixed

65acc54b7079ad4c01c35ebdde34b3ff9ebd0d2a

Database specific

{
    "extracted_events": [
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "24.1.9"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

xorg-server-1.*

xorg-server-1.15.0

xorg-server-1.15.99.901

xorg-server-1.15.99.902

xorg-server-1.15.99.903

xorg-server-1.15.99.904

xorg-server-1.16.0

xorg-server-1.16.99.901

xorg-server-1.16.99.902

xorg-server-1.17.0

xorg-server-1.17.99.901

xorg-server-1.17.99.902

xorg-server-1.18.0

xorg-server-1.18.99.2

xorg-server-1.18.99.901

xorg-server-1.18.99.902

xorg-server-1.19.0

xorg-server-1.19.99.901

xorg-server-1.19.99.902

xorg-server-1.19.99.903

xorg-server-1.19.99.904

xorg-server-1.19.99.905

xorg-server-1.20.0

xorg-server-21.*

xorg-server-21.0.99.1

xwayland-24.*

xwayland-24.0.99.901

xwayland-24.0.99.902

xwayland-24.1.0

xwayland-24.1.1

xwayland-24.1.2

xwayland-24.1.3

xwayland-24.1.4

xwayland-24.1.5

xwayland-24.1.6

xwayland-24.1.7

xwayland-24.1.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-62229.json"