{"id":"CVE-2025-49175","details":"A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.","modified":"2026-03-20T12:43:57.117417Z","published":"2025-06-17T15:15:45.290Z","related":["ALSA-2025:9303","ALSA-2025:9304","ALSA-2025:9305","ALSA-2025:9306","ALSA-2025:9392","MGASA-2025-0199","SUSE-SU-2025:01974-1","SUSE-SU-2025:01975-1","SUSE-SU-2025:01977-1","SUSE-SU-2025:01978-1","SUSE-SU-2025:01979-1","SUSE-SU-2025:01980-1","SUSE-SU-2025:01981-1","SUSE-SU-2025:02012-1","openSUSE-SU-2025:15310-1","openSUSE-SU-2025:15311-1"],"references":[{"type":"WEB","url":"https://www.x.org/wiki/Development/Security/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-49175"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10350"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10374"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10378"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10381"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9305"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10356"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9392"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10352"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10343"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10346"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10347"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10375"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10410"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10351"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10355"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9306"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10360"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10342"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10349"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10376"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9303"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10258"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10370"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9304"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9964"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10344"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10348"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10377"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369947"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/xserver","events":[{"introduced":"0"},{"fixed":"0885e0b26225c90534642fe911632ec0779eebee"}]}],"versions":["DAMAGE-XFIXES-BASE","DRI-XFree86-4_3_99_12-merge","DRI-trunk-20040613","DRI-trunk-20040721","DRM-1_0_5","DRM-20040613","DRM-20040721","DRM-20050615","DRM-20051017","DRM-2_0_0","Domain-base","Domain-sync1","Domain-sync2","Domain-sync3","Domain-sync4","MODULAR_COPY","PRE_xf86-4_3_0_1","XACE-SELINUX-BASE","XACE-SELINUX-MERGE","XEVIE-BASE","XEVIE-MERGE","XORG-6_7_99_1","XORG-6_7_99_2","XORG-6_7_99_901","XORG-6_7_99_902","XORG-6_7_99_903","XORG-6_7_99_904","XORG-6_8_0","XORG-6_8_99_1","XORG-6_8_99_10","XORG-6_8_99_11","XORG-6_8_99_12","XORG-6_8_99_13","XORG-6_8_99_14","XORG-6_8_99_15","XORG-6_8_99_16","XORG-6_8_99_2","XORG-6_8_99_3","XORG-6_8_99_4","XORG-6_8_99_5","XORG-6_8_99_6","XORG-6_8_99_7","XORG-6_8_99_8","XORG-6_8_99_9","XORG-6_8_99_900","XORG-6_8_99_901","XORG-6_8_99_902","XORG-6_8_99_903","XORG-6_99_99_900","XORG-6_99_99_901","XORG-6_99_99_902","XORG-6_99_99_903","XORG-6_99_99_904","XORG-7_0","XORG-7_0_99_901","XORG-CURRENT-CLOSED","XORG-CURRENT-premerge-release-1","XORG-MAIN","XORG-RELEASE-1-BASE","add-Xi","ah-20021030","ah-20021030-postdri","before-mesa-4_0-import","before_20040421_xprint_branch_landing","dhd-20010328","dhd-20010817","dhd-20020916","dri-0-1-branchpoint","dri-20020129-merge","dri-20020222-merge","kdrive-initial-import","keithp","lg3d-base","pre-R651-import","pre-xgldrop-merge","sco_port_update-base","xf-3_9_16Z","xf-3_9_16Za","xf-3_9_16d","xf-3_9_16e","xf-3_9_16f","xf-3_9_17","xf-3_9_17Z","xf-3_9_17a","xf-3_9_17b","xf-3_9_17c","xf-3_9_17d","xf-3_9_17e","xf-3_9_17f","xf-3_9_18","xf-3_9_18Z","xf-3_9_18Za","xf-3_9_18a","xf-3_9_18b","xf-4_0","xf-4_0-bindist","xf-4_0Z","xf-4_0_1","xf-4_0_1-bindist","xf-4_0_1Z","xf-4_0_1Za","xf-4_0_1Zb","xf-4_0_1Zc","xf-4_0_1a","xf-4_0_1b","xf-4_0_1c","xf-4_0_1d","xf-4_0_1e","xf-4_0_1f","xf-4_0_1g","xf-4_0_1h","xf-4_0_2","xf-4_0_2-bindist","xf-4_0_99_1","xf-4_0_99_2","xf-4_0_99_3","xf-4_0_99_900","xf-4_0a","xf-4_0b","xf-4_0c","xf-4_0d","xf-4_0e","xf-4_0f","xf-4_0g","xf-4_1_99_1","xf-4_1_99_2","xf-4_1_99_3","xf-4_1_99_4","xf-4_1_99_5","xf-4_1_99_6","xf-4_1_99_7","xf-4_2-bp","xf-4_2_0","xf-4_2_0-bindist","xf-4_2_0-bindist-1","xf-4_2_0_1","xf-4_2_1","xf-4_2_1_1","xf-4_2_99_1","xf-4_2_99_2","xf-4_2_99_3","xf-4_2_99_4","xf-4_2_99_901","xf-4_2_99_902","xf-4_3_0","xf-4_3_0_1","xf-4_3_99_1","xf-4_3_99_2","xf-4_3_99_3","xf-4_3_99_4","xf-4_3_99_5","xf-4_3_99_6","xf86-012804-2330","xf86-4_3_0_1","xf86-4_3_99_16","xf86-4_3_99_901","xf86-4_3_99_902","xf86-4_3_99_903","xf86-4_3_99_903_special","xf86-4_4_0","xf86-4_4_99_1","xfixes_2_branchpoint","xorg-server-0_99_1","xorg-server-1.1.99.3","xorg-server-1.10.0","xorg-server-1.10.99.901","xorg-server-1.10.99.902","xorg-server-1.11.0","xorg-server-1.11.99.1","xorg-server-1.11.99.2","xorg-server-1.11.99.901","xorg-server-1.11.99.902","xorg-server-1.11.99.903","xorg-server-1.12.0","xorg-server-1.12.99.901","xorg-server-1.12.99.902","xorg-server-1.12.99.903","xorg-server-1.12.99.904","xorg-server-1.12.99.905","xorg-server-1.13.0","xorg-server-1.13.99.901","xorg-server-1.13.99.902","xorg-server-1.14.0","xorg-server-1.14.99.1","xorg-server-1.14.99.2","xorg-server-1.14.99.3","xorg-server-1.14.99.901","xorg-server-1.14.99.902","xorg-server-1.14.99.903","xorg-server-1.14.99.904","xorg-server-1.14.99.905","xorg-server-1.15.0","xorg-server-1.15.99.901","xorg-server-1.15.99.902","xorg-server-1.15.99.903","xorg-server-1.15.99.904","xorg-server-1.16.0","xorg-server-1.16.99.901","xorg-server-1.16.99.902","xorg-server-1.17.0","xorg-server-1.17.99.901","xorg-server-1.17.99.902","xorg-server-1.18.0","xorg-server-1.18.99.2","xorg-server-1.18.99.901","xorg-server-1.18.99.902","xorg-server-1.19.0","xorg-server-1.19.99.901","xorg-server-1.19.99.902","xorg-server-1.19.99.903","xorg-server-1.19.99.904","xorg-server-1.19.99.905","xorg-server-1.2.99.0","xorg-server-1.20.0","xorg-server-1.3.99.0","xorg-server-1.5.99.1","xorg-server-1.6.99.900","xorg-server-1.6.99.901","xorg-server-1.7.99.1","xorg-server-1.7.99.2","xorg-server-1.7.99.901","xorg-server-1.7.99.902","xorg-server-1.8.0","xorg-server-1.8.99.901","xorg-server-1.8.99.902","xorg-server-1.8.99.903","xorg-server-1.8.99.904","xorg-server-1.8.99.905","xorg-server-1.8.99.906","xorg-server-1.9.0","xorg-server-1.9.99.901","xorg-server-1.9.99.902","xorg-server-1.9.99.903","xorg-server-1_0_99_1","xorg-server-1_0_99_2","xorg-server-1_0_99_901","xorg-server-1_1_99_1","xorg-server-1_1_99_2","xorg-server-21.0.99.1"],"database_specific":{"vanir_signatures":[{"source":"https://gitlab.freedesktop.org/xorg/xserver@0885e0b26225c90534642fe911632ec0779eebee","signature_type":"Function","deprecated":false,"target":{"function":"ProcRenderCreateAnimCursor","file":"render/render.c"},"id":"CVE-2025-49175-58c280de","signature_version":"v1","digest":{"function_hash":"122584735696274364422060063892165002366","length":1027}},{"source":"https://gitlab.freedesktop.org/xorg/xserver@0885e0b26225c90534642fe911632ec0779eebee","signature_type":"Line","deprecated":false,"target":{"file":"render/animcur.c"},"id":"CVE-2025-49175-7e94439a","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["294998917823412802965223208333397258085","21184135772707038616500113496500412873","7674082937896147256125737999098619836"]}},{"source":"https://gitlab.freedesktop.org/xorg/xserver@0885e0b26225c90534642fe911632ec0779eebee","signature_type":"Function","deprecated":false,"target":{"function":"AnimCursorCreate","file":"render/animcur.c"},"id":"CVE-2025-49175-b8aaef88","signature_version":"v1","digest":{"function_hash":"310712291795316373901510518998060996456","length":1514}},{"source":"https://gitlab.freedesktop.org/xorg/xserver@0885e0b26225c90534642fe911632ec0779eebee","signature_type":"Line","deprecated":false,"target":{"file":"render/render.c"},"id":"CVE-2025-49175-f7ba5cda","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["286120762742463316677637746009318338647","155283050415317614957883169928099222969","191895959675379773512973961786850660491","217608319667053825895419234885490655860"]}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49175.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}]}