PT-2017-4055 · X.Org Foundation+5 · Libxcursor+5

Tobias Stoeckmann · Published 2017-11-28 · Updated 2024-06-15 · CVE-2017-16612

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libXcursor versions prior to 1.1.15

Description: The issue is related to integer overflows in the libXcursor package, which could lead to heap buffer overflows when processing malicious cursors. This might allow a remote attacker to cause a denial of service. The vulnerability can be exploited through programs that handle cursors, such as GIMP. Additionally, there is a potential attack vector against the related code in cursor/xcursor.c in Wayland through version 1.14.0.

Recommendations: For libXcursor versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of malicious cursors to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2727
BDU:2021-01287
CVE-2017-16612
DLA-1201-1
DSA-4059-1
MGASA-2017-0443
OPENSUSE-SU-2024:10919-1
SUSE-SU-2017:3214-1
SUSE-SU-2017_3214-1
SUSE-SU-2018:0246-1
USN-3501-1
USN-3622-1

Affected Products

Alt Linux
Gimp
Suse
Ubuntu
Xwayland
Libxcursor