CVE-2017-16612

NameCVE-2017-16612
DescriptionlibXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1201-1, DSA-4059-1
Debian Bugs883792, 889681

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libxcursor (PTS)bullseye1:1.2.0-2fixed
bookworm1:1.2.1-1fixed
sid, trixie1:1.2.2-1fixed
wayland (PTS)bullseye1.18.0-2~exp1.1fixed
bookworm1.21.0-1fixed
sid, trixie1.23.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libxcursorsourcewheezy1:1.1.13-1+deb7u2DLA-1201-1
libxcursorsourcejessie1:1.1.14-1+deb8u1DSA-4059-1
libxcursorsourcestretch1:1.1.14-1+deb9u1DSA-4059-1
libxcursorsource(unstable)1:1.1.14-3.1883792
waylandsourcewheezy(not affected)
waylandsourcestretch1.12.0-1+deb9u1
waylandsource(unstable)1.14.0-2889681

Notes

[jessie] - wayland <no-dsa> (Minor issue)
[wheezy] - wayland <not-affected> (vulnerable code not present)
https://www.openwall.com/lists/oss-security/2017/11/28/6
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
did not merge in the 1.14.0-2 upload.
Search for package or bug name: Reporting problems