CVE-2017-16612

NONE EPSS 91.4%
Published Dec 1, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Threat Intelligence

EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 7

Vendor      Product        Version   Range
debian      debian_linux   8.0       any
debian      debian_linux   9.0       any
canonical   ubuntu_linux   14.04     any
canonical   ubuntu_linux   16.04     any
canonical   ubuntu_linux   17.04     any
canonical   ubuntu_linux   17.10     any
x           libxcursor     *         ≤1.1.14

References 12

  • security.cucumberlinux.com http://security.cucumberlinux.com/security/details.php?id=156
    Patch, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2017/11/28/6
    Mailing List, Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-3501-1
    Third Party Advisory
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1065386
    Issue Tracking, Tool Signature, VDB Entry
  • cgit.freedesktop.org https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
  • cgit.freedesktop.org https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
    Exploit, Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
  • lists.freedesktop.org https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
  • marc.info https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201801-04
  • usn.ubuntu.com https://usn.ubuntu.com/3622-1/
  • debian.org https://www.debian.org/security/2017/dsa-4059
    Third Party Advisory

Remediation

  • security.cucumberlinux.com http://security.cucumberlinux.com/security/details.php?id=156
    Patch, Third Party Advisory
  • cgit.freedesktop.org https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
    Exploit, Patch, Third Party Advisory