PT-2017-4055 · X.Org Foundation+5 · Libxcursor+5

Tobias Stoeckmann · Published 2017-11-28 · Updated 2024-06-15 · CVE-2017-16612

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libXcursor versions prior to 1.1.15

Description: The issue is related to integer overflows in the libXcursor package, which could lead to heap buffer overflows when processing malicious cursors. This might allow a remote attacker to cause a denial of service. The vulnerability can be exploited through programs that handle cursors, such as GIMP. Additionally, there is a potential attack vector against the related code in cursor/xcursor.c in Wayland through version 1.14.0.

Recommendations: For libXcursor versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting the loading of cursor files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related identifiers

ALT-PU-2017-2727
BDU:2021-01287
CVE-2017-16612
DLA-1201-1
DSA-4059-1
MGASA-2017-0443
OPENSUSE-SU-2024:10919-1
SUSE-SU-2017:3214-1
SUSE-SU-2017_3214-1
SUSE-SU-2018:0246-1
USN-3501-1
USN-3622-1

Affected products

Alt Linux
Gimp
Suse
Ubuntu
Xwayland
Libxcursor