CVE-2025-49175

MEDIUM

X Rendering - Memory Corruption

Title source: llm

Description

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

References (34)

Core 34

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10258

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10342

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10343

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10344

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10346

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10347

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10348

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10349

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10350

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10351

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10352

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10355

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10356

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10360

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10370

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10374

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10375

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10376

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10377

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10378

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10381

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10410

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9303

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9304

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9305

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9306

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9392

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9964

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-49175

Mailing List

https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html

Patch

https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee

Issue Tracking

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024

Third Party Advisory

https://www.x.org/wiki/Development/Security/

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2369947

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 38.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (47)

Red Hat/Red Hat Enterprise Linux 10 0:24.1.5-4.el10_0

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.1

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-32.el7_9

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.8.0-36.el7_9.2

Red Hat/Red Hat Enterprise Linux 7.7 Advanced Update Support 0:1.8.0-17.el7_7.1

Red Hat/Red Hat Enterprise Linux 8 0:1.15.0-7.el8_10

Red Hat/Red Hat Enterprise Linux 8 0:1.20.11-26.el8_10

Red Hat/Red Hat Enterprise Linux 8 0:21.1.3-18.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:1.20.6-4.el8_2

... and 37 more

Published Jun 17, 2025

Tracked Since Feb 18, 2026