{"api_version":"1","generated_at":"2026-04-23T04:09:36+00:00","cve":"CVE-2017-16612","urls":{"html":"https://cve.report/CVE-2017-16612","api":"https://cve.report/api/cve/CVE-2017-16612.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-16612","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-16612"},"summary":{"title":"CVE-2017-16612","description":"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-12-01 17:29:00","updated_at":"2018-04-11 01:29:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1065386","name":"https://bugzilla.suse.com/show_bug.cgi?id=1065386","refsource":"CONFIRM","tags":["Issue Tracking","Tool Signature","VDB Entry"],"title":"Bug 1065386 – VUL-0: CVE-2017-16612: libXcursor: heap overflows when parsing malicious files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38","name":"https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38","refsource":"MISC","tags":[],"title":"wayland/wayland - Wayland Compositor Infrastructure  (mirrored from https://gitlab.freedesktop.org/wayland/wayland)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2","name":"[freedesktop-xorg-announce] 20171128 libXcursor 1.1.15","refsource":"MLIST","tags":["Third Party Advisory"],"title":"'[ANNOUNCE] libXcursor 1.1.15' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2017/11/28/6","name":"[oss-security] 20171128 CVE-2017-16612 libXcursor: heap overflows when parsing malicious files","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - CVE-2017-16612 libXcursor: heap overflows when parsing malicious\n files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.cucumberlinux.com/security/details.php?id=156","name":"http://security.cucumberlinux.com/security/details.php?id=156","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"CLD-156 Details","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3501-1","name":"USN-3501-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3501-1: libxcursor vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html","name":"[debian-lts-announce] 20171210 [SECURITY] [DLA 1201-1] libxcursor security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1201-1] libxcursor security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3622-1/","name":"USN-3622-1","refsource":"UBUNTU","tags":[],"title":"USN-3622-1: Wayland vulnerability | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-04","name":"GLSA-201801-04","refsource":"GENTOO","tags":[],"title":"LibXcursor: User-assisted execution of arbitrary code (GLSA 201801-04) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html","name":"https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html","refsource":"MISC","tags":[],"title":"libwayland-cursor heap overflow fix","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8","name":"https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8","refsource":"CONFIRM","tags":["Exploit","Patch","Third Party Advisory"],"title":"xorg/lib/libXcursor - X.org libXcursor library.  (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxcursor)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4059","name":"DSA-4059","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4059-1 libxcursor","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-16612","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16612","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"16612","vulnerable":"1","versionEndIncluding":"1.1.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x","cpe5":"libxcursor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-16612","qid":"500337","title":"Alpine Linux Security Update for libxcursor"},{"cve":"CVE-2017-16612","qid":"504101","title":"Alpine Linux Security Update for libxcursor"},{"cve":"CVE-2017-16612","qid":"710238","title":"Gentoo Linux LibXcursor User-assisted execution of arbitrary code Vulnerability (GLSA 201801-04)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-16612","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8","refsource":"CONFIRM","url":"https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8"},{"name":"USN-3622-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3622-1/"},{"name":"[oss-security] 20171128 CVE-2017-16612 libXcursor: heap overflows when parsing malicious files","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2017/11/28/6"},{"name":"https://bugzilla.suse.com/show_bug.cgi?id=1065386","refsource":"CONFIRM","url":"https://bugzilla.suse.com/show_bug.cgi?id=1065386"},{"name":"GLSA-201801-04","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-04"},{"name":"https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html","refsource":"MISC","url":"https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html"},{"name":"USN-3501-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3501-1"},{"name":"[debian-lts-announce] 20171210 [SECURITY] [DLA 1201-1] libxcursor security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html"},{"name":"https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38","refsource":"MISC","url":"https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38"},{"name":"[freedesktop-xorg-announce] 20171128 libXcursor 1.1.15","refsource":"MLIST","url":"https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2"},{"name":"http://security.cucumberlinux.com/security/details.php?id=156","refsource":"CONFIRM","url":"http://security.cucumberlinux.com/security/details.php?id=156"},{"name":"DSA-4059","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4059"}]}},"nvd":{"publishedDate":"2017-12-01 17:29:00","lastModifiedDate":"2018-04-11 01:29:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.14","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"16612","Ordinal":"114357","Title":"CVE-2017-16612","CVE":"CVE-2017-16612","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"16612","Ordinal":"1","NoteData":"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"16612","Ordinal":"2","NoteData":"2017-12-01","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"16612","Ordinal":"3","NoteData":"2018-04-10","Type":"Other","Title":"Modified"}]}}}