CVE-2017-16612
NONE EPSS 91.4%
Published Dec 1, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Threat Intelligence
EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-190 Integer Overflow or Wraparound Numeric Error
Affected Products 7
References 12
- security.cucumberlinux.com http://security.cucumberlinux.com/security/details.php?id=156
- openwall.com http://www.openwall.com/lists/oss-security/2017/11/28/6
- ubuntu.com http://www.ubuntu.com/usn/USN-3501-1
- bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1065386
- cgit.freedesktop.org https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
- cgit.freedesktop.org https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
- lists.debian.org https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
- lists.freedesktop.org https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
- marc.info https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
- security.gentoo.org https://security.gentoo.org/glsa/201801-04
- usn.ubuntu.com https://usn.ubuntu.com/3622-1/
- debian.org https://www.debian.org/security/2017/dsa-4059
Remediation
- security.cucumberlinux.com http://security.cucumberlinux.com/security/details.php?id=156
- cgit.freedesktop.org https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8