CVE-2017-16612

Name: CVE-2017-16612
Description: libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1201-1, DSA-4059-1
NVD severity: medium (attack range: remote)
Debian Bugs: 883792, 889681

Vulnerable and fixed packages

The table below lists information on source packages.

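| Source Package | Release | Version | Status |
|---|---|---|---|
| libxcursor (PTS) | jessie | 1:1.1.14-1+deb8u1 | fixed |
| libxcursor (PTS) | jessie (security) | 1:1.1.14-1+deb8u2 | fixed |
| libxcursor (PTS) | stretch | 1:1.1.14-1+deb9u2 | fixed |
| libxcursor (PTS) | stretch (security) | 1:1.1.14-1+deb9u1 | fixed |
| libxcursor (PTS) | buster, sid | 1:1.1.15-2 | fixed |
| wayland (PTS) | jessie | 1.6.0-2 | vulnerable |
| wayland (PTS) | stretch | 1.12.0-1 | vulnerable |
| wayland (PTS) | buster, sid | 1.16.0-1 | fixed |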

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libxcursor | source | (unstable) | 1:1.1.14-3.1 | medium | | 883792 |
| libxcursor | source | jessie | 1:1.1.14-1+deb8u1 | medium | DSA-4059-1 | |
| libxcursor | source | stretch | 1:1.1.14-1+deb9u1 | medium | DSA-4059-1 | |
| libxcursor | source | wheezy | 1:1.1.13-1+deb7u2 | medium | DLA-1201-1 | |
| wayland | source | (unstable) | 1.14.0-2 | medium | | 889681 |
| wayland | source | wheezy | (not affected) | | | |

Notes

[stretch] - wayland <no-dsa> (Minor issue)
[jessie] - wayland <no-dsa> (Minor issue)
[wheezy] - wayland <not-affected> (vulnerable code not present)
http://www.openwall.com/lists/oss-security/2017/11/28/6
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
did not merge in the 1.14.0-2 upload.
