CVE-2025-49175
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
Risk Assessment
The risk involves a potential crash of the X server, which can disrupt the graphical system and affect desktop environment stability.
Recommendation
It is recommended to immediately update the libXrender package to the latest patched version. Also monitor for the availability of a fix from your system distributor.
Original NVD description (English source)
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

