CVE Catalog

CVE-2025-49175

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Risk Assessment

The risk involves a potential crash of the X server, which can disrupt the graphical system and affect desktop environment stability.

Recommendation

It is recommended to immediately update the libXrender package to the latest patched version. Also monitor for the availability of a fix from your system distributor.

Original NVD description (English source)

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS