CVE-2025-49175

EUVD-2025-18502 | MEDIUM 6.1 (CVSS 3.1) | 2025-06-17

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd), EUVD-2025-18502
CVE Published: Jun 17, 2025 - 15:15 (nvd), MEDIUM 6.1

Description

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

Remediation

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
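
The zero-cursor case from the description, as an added example in C (not the X server's code and not taken from this page). It uses a simplified request model whose names and layout (`HDR_WORDS`, `ELT_WORDS`, `anim_cursor_create`, the return codes) are assumptions for illustration; the hardened function rejects an element count of zero before the first element is ever read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request model: a fixed header followed by zero or more
 * (cursor id, delay) elements, all measured in 4-byte words. */
#define HDR_WORDS 2u   /* assumed header size */
#define ELT_WORDS 2u   /* one element = cursor id + delay */

enum { ANIM_OK = 0, ANIM_BAD_LENGTH = -1, ANIM_BAD_VALUE = -2 };

/* Unchecked pattern: assumes at least one element is present. Called on a
 * header-only request, elts[0] lies past the end of the buffer. */
static uint32_t first_cursor_unchecked(const uint32_t *elts)
{
    return elts[0];
}

/* Hardened pattern: derive the element count from the request length and
 * refuse a count of zero before anything dereferences the first element. */
int anim_cursor_create(const uint32_t *req, size_t req_words, uint32_t *first_out)
{
    if (req == NULL || first_out == NULL || req_words < HDR_WORDS)
        return ANIM_BAD_LENGTH;              /* shorter than the header */
    size_t body = req_words - HDR_WORDS;
    if (body % ELT_WORDS != 0)
        return ANIM_BAD_LENGTH;              /* trailing partial element */
    if (body / ELT_WORDS == 0)
        return ANIM_BAD_VALUE;               /* client supplied no cursors */
    *first_out = first_cursor_unchecked(req + HDR_WORDS);  /* count >= 1 */
    return ANIM_OK;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    uint32_t empty[2] = { 0x1, 0x2 };                 /* header only */
    uint32_t one[4]   = { 0x1, 0x2, 0x400001, 100 };  /* one element */
    uint32_t out = 0;
    printf("header only: %d\n", anim_cursor_create(empty, 2, &out));
    printf("one element: %d\n", anim_cursor_create(one, 4, &out));
    return 0;
}
```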

Priority Score

31 (KEV: 0, EPSS: +0.1, CVSS: +30, POC: 0)

Vendor Status

Ubuntu

Priority: Medium
xorg-server
Release Status Version
jammy released 2:21.1.4-2ubuntu1.7~22.04.15
noble released 2:21.1.12-1ubuntu1.4
oracular released 2:21.1.13-2ubuntu1.4
plucky released 2:21.1.16-1ubuntu1.1
trusty needs-triage -
upstream released 21.1.17
bionic released 2:1.19.6-1ubuntu4.15+esm13
focal released 2:1.20.13-1ubuntu1~20.04.20+esm1
xenial released 2:1.18.4-0ubuntu0.12+esm18
questing released 2:21.1.18-1ubuntu1
xwayland
Release Status Version
jammy released 2:22.1.1-1ubuntu0.19
noble released 2:23.2.6-1ubuntu0.6
oracular released 2:24.1.2-1ubuntu0.6
plucky released 2:24.1.6-1ubuntu0.1
upstream released 24.1.7
questing released 2:24.1.6-1ubuntu1
xorg
Release Status Version
xenial not-affected code not present
bionic not-affected code not present
focal not-affected code not present
jammy not-affected code not present
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
upstream not-affected -
questing not-affected code not present
xorg-server-hwe-16.04
Release Status Version
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
xenial released 2:1.19.6-1ubuntu4.1~16.04.6+esm10
questing DNE -
xorg-server-hwe-18.04
Release Status Version
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
bionic released 2:1.20.8-2ubuntu2.2~18.04.11+esm5
questing DNE -
xorg-hwe-16.04
Release Status Version
xenial not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -
xorg-hwe-18.04
Release Status Version
bionic not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -

Debian

Bug #1108369
xorg-server
Release Status Fixed Version Urgency
bullseye fixed 2:1.20.11-1+deb11u16 -
bullseye (security) fixed 2:1.20.11-1+deb11u17 -
bookworm, bookworm (security) fixed 2:21.1.7-3+deb12u11 -
trixie (security), trixie fixed 2:21.1.16-1.3+deb13u1 -
forky, sid fixed 2:21.1.21-1 -
bookworm fixed 2:21.1.7-3+deb12u10 -
(unstable) fixed 2:21.1.16-1.2 -
xwayland
Release Status Fixed Version Urgency
bookworm vulnerable 2:22.1.9-1 -
trixie vulnerable 2:24.1.6-1 -
forky, sid fixed 2:24.1.9-1 -
(unstable) fixed 2:24.1.8-1 -
