CVE-2017-16612
Summary
| CVE | CVE-2017-16612 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-12-01 17:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. |
Risk And Classification
Primary CVSS: v3.0 7.5 HIGH from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem Types: CWE-190 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 5 | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.10 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | X | Libxcursor | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CLD-156 Details | af854a3a-2127-422b-91ae-364da2661108 | security.cucumberlinux.com | Patch, Third Party Advisory |
| USN-3622-1: Wayland vulnerability \| Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| oss-security - CVE-2017-16612 libXcursor: heap overflows when parsing malicious files | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| '[ANNOUNCE] libXcursor 1.1.15' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| libwayland-cursor heap overflow fix | af854a3a-2127-422b-91ae-364da2661108 | lists.freedesktop.org | |
| [SECURITY] [DLA 1201-1] libxcursor security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| LibXcursor: User-assisted execution of arbitrary code (GLSA 201801-04) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| wayland/wayland - Wayland Compositor Infrastructure (mirrored from https://gitlab.freedesktop.org/wayland/wayland) | af854a3a-2127-422b-91ae-364da2661108 | cgit.freedesktop.org | |
| USN-3501-1: libxcursor vulnerability \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Debian -- Security Information -- DSA-4059-1 libxcursor | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Bug 1065386 – VUL-0: CVE-2017-16612: libXcursor: heap overflows when parsing malicious files | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.suse.com | Issue Tracking, Tool Signature, VDB Entry |
| xorg/lib/libXcursor - X.org libXcursor library. (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxcursor) | af854a3a-2127-422b-91ae-364da2661108 | cgit.freedesktop.org | Exploit, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.