Vulnerability Details : CVE-2017-16612
Potential exploit
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Vulnerability category: Overflow
Products affected by CVE-2017-16612
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16612
2.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-16612
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-16612
-
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
xorg/lib/libXcursor - X.org libXcursor library. (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxcursor)Exploit;Patch;Third Party Advisory
-
http://security.cucumberlinux.com/security/details.php?id=156
CLD-156 DetailsPatch;Third Party Advisory
-
https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
wayland/wayland - Wayland Compositor Infrastructure (mirrored from https://gitlab.freedesktop.org/wayland/wayland)
-
https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
[SECURITY] [DLA 1201-1] libxcursor security update
-
https://bugzilla.suse.com/show_bug.cgi?id=1065386
Bug 1065386 – VUL-0: CVE-2017-16612: libXcursor: heap overflows when parsing malicious filesIssue Tracking;Tool Signature;VDB Entry
-
http://www.openwall.com/lists/oss-security/2017/11/28/6
oss-security - CVE-2017-16612 libXcursor: heap overflows when parsing malicious filesMailing List;Third Party Advisory
-
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
libwayland-cursor heap overflow fix
-
https://usn.ubuntu.com/3622-1/
USN-3622-1: Wayland vulnerability | Ubuntu security notices
-
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
'[ANNOUNCE] libXcursor 1.1.15' - MARCThird Party Advisory
-
https://security.gentoo.org/glsa/201801-04
LibXcursor: User-assisted execution of arbitrary code (GLSA 201801-04) — Gentoo security
-
http://www.ubuntu.com/usn/USN-3501-1
USN-3501-1: libxcursor vulnerability | Ubuntu security noticesThird Party Advisory
-
https://www.debian.org/security/2017/dsa-4059
Debian -- Security Information -- DSA-4059-1 libxcursorThird Party Advisory
Jump to