Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-16612

Date: December 1, 2017

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Language: C

Severity Score

Related Resources (18)

https://security.alpinelinux.org/vuln/CVE-2017-16612
https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
https://www.debian.org/security/2017/dsa-4059
https://nvd.nist.gov/vuln/detail/CVE-2017-16612
https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16612
http://www.openwall.com/lists/oss-security/2017/11/28/6
http://security.cucumberlinux.com/security/details.php?id=156
https://usn.ubuntu.com/3622-1/
https://access.redhat.com/security/cve/CVE-2017-16612
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
https://bugzilla.suse.com/show_bug.cgi?id=1065386
https://security-tracker.debian.org/tracker/CVE-2017-16612
http://www.ubuntu.com/usn/USN-3501-1
https://security.gentoo.org/glsa/201801-04
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
https://www.mend.io/vulnerability-database/CVE-2017-16612

Severity Score

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us