6.1

CVE-2025-49175

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerX.Org
Produkt xwayland
Default Statusunaffected
Version 0
Version < 24.1.8
Status affected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 0:24.1.5-4.el10_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
Default Statusaffected
Version 0:1.1.0-25.el6_10.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7.7 Advanced Update Support
Default Statusaffected
Version 0:1.8.0-17.el7_7.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version 0:1.20.4-32.el7_9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version 0:1.8.0-36.el7_9.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:1.20.11-26.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:21.1.3-18.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:1.15.0-7.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version 0:1.9.0-15.el8_2.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version 0:1.20.6-4.el8_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.20.10-2.el8_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.11.0-8.el8_4.13
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.20.10-2.el8_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.11.0-8.el8_4.13
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:1.12.0-15.el8_8.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-15.el8_8.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:1.20.11-31.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:23.2.7-4.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:1.14.1-8.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-3.el9_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-11.el9_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.11.0-22.el9_0.15
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-8.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-18.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-14.el9_2.12
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:22.1.9-6.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:1.20.11-26.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:1.13.1-8.el9_4.7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.204
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-49175
https://bugzilla.redhat.com/show_bug.cgi?id=2369947
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:10342
https://access.redhat.com/errata/RHSA-2025:10343
https://access.redhat.com/errata/RHSA-2025:10347
https://access.redhat.com/errata/RHSA-2025:10348
https://access.redhat.com/errata/RHSA-2025:10344
https://access.redhat.com/errata/RHSA-2025:10346
https://access.redhat.com/errata/RHSA-2025:10349
https://access.redhat.com/errata/RHSA-2025:10350
https://access.redhat.com/errata/RHSA-2025:10351
https://access.redhat.com/errata/RHSA-2025:10352
https://access.redhat.com/errata/RHSA-2025:10355
https://access.redhat.com/errata/RHSA-2025:10356
https://access.redhat.com/errata/RHSA-2025:10360
https://access.redhat.com/errata/RHSA-2025:10370
https://access.redhat.com/errata/RHSA-2025:10374
https://access.redhat.com/errata/RHSA-2025:10375
https://access.redhat.com/errata/RHSA-2025:10376
https://access.redhat.com/errata/RHSA-2025:10377
https://access.redhat.com/errata/RHSA-2025:10378
https://access.redhat.com/errata/RHSA-2025:10381
https://access.redhat.com/errata/RHSA-2025:10410
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024
https://www.x.org/wiki/Development/Security/