High severity7.5NVD Advisory· Published Dec 1, 2017· Updated Jun 17, 2026
CVE-2017-16612
CVE-2017-16612
Description
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- osv-coords13 versionspkg:rpm/opensuse/libXcursor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libXcursor&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/xorg-x11-libs&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/xorg-x11-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/xorg-x11-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 1.2.0-1.9+ 12 more
- (no CPE)range: < 1.2.0-1.9
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 1.1.14-4.3.1
- (no CPE)range: < 7.4-8.26.50.5.3
- (no CPE)range: < 7.4-8.26.50.5.3
- (no CPE)range: < 7.4-8.26.50.5.3
Patches
Vulnerability mechanics
References
12- security.cucumberlinux.com/security/details.phpnvdPatchThird Party Advisory
- cgit.freedesktop.org/xorg/lib/libXcursor/commit/nvdExploitPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/11/28/6nvdMailing ListThird Party Advisory
- www.ubuntu.com/usn/USN-3501-1nvdThird Party Advisory
- marc.infonvdThird Party Advisory
- www.debian.org/security/2017/dsa-4059nvdThird Party Advisory
- bugzilla.suse.com/show_bug.cginvdIssue TrackingTool SignatureVDB Entry
- cgit.freedesktop.org/wayland/wayland/commit/nvd
- lists.debian.org/debian-lts-announce/2017/12/msg00002.htmlnvd
- lists.freedesktop.org/archives/wayland-devel/2017-November/035979.htmlnvd
- security.gentoo.org/glsa/201801-04nvd
- usn.ubuntu.com/3622-1/nvd
News mentions
0No linked articles in our index yet.