High severity7.5NVD Advisory· Published Dec 1, 2017· Updated May 13, 2026
CVE-2017-16612
CVE-2017-16612
Description
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Affected products
6cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- security.cucumberlinux.com/security/details.phpnvdPatchThird Party Advisory
- cgit.freedesktop.org/xorg/lib/libXcursor/commit/nvdExploitPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/11/28/6nvdMailing ListThird Party Advisory
- www.ubuntu.com/usn/USN-3501-1nvdThird Party Advisory
- marc.infonvdThird Party Advisory
- www.debian.org/security/2017/dsa-4059nvdThird Party Advisory
- bugzilla.suse.com/show_bug.cginvdIssue TrackingTool SignatureVDB Entry
- cgit.freedesktop.org/wayland/wayland/commit/nvd
- lists.debian.org/debian-lts-announce/2017/12/msg00002.htmlnvd
- lists.freedesktop.org/archives/wayland-devel/2017-November/035979.htmlnvd
- security.gentoo.org/glsa/201801-04nvd
- usn.ubuntu.com/3622-1/nvd
News mentions
0No linked articles in our index yet.