ID CVE-2017-16612
Summary libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.04
    cpe:2.3:o:canonical:ubuntu_linux:17.04
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • x.org libXcursor 1.1.14
    cpe:2.3:a:x:libxcursor:1.1.14
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1C5DADA34B.NASL
    description libXcursor 1.1.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-03-07
    plugin id 107157
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107157
    title Fedora 27 : libXcursor (2018-1c5dada34b)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3622-1.NASL
    description It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-04-10
    plugin id 108950
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108950
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : wayland vulnerability (USN-3622-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3501-1.NASL
    description It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-07
    plugin id 104884
    published 2017-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104884
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxcursor vulnerability (USN-3501-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201801-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201801-04 (LibXcursor: User-assisted execution of arbitrary code) It was discovered that libXcursor is prone to several heap overflows when parsing malicious files. Impact : A remote attacker, by enticing a user to process a specially crafted cursor file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-02
    modified 2018-01-26
    plugin id 105630
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105630
    title GLSA-201801-04 : LibXcursor: User-assisted execution of arbitrary code
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1201.NASL
    description It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.1.13-1+deb7u2. We recommend that you upgrade your libxcursor packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-09
    plugin id 105117
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105117
    title Debian DLA-1201-1 : libxcursor security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-196.NASL
    description This update for libXcursor fixes the following issues : - CVE-2017-16612: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. (boo#1065386)
    last seen 2018-09-01
    modified 2018-02-21
    plugin id 106924
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106924
    title openSUSE Security Update : libXcursor (openSUSE-2018-196)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-333-01.NASL
    description New libXcursor packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 104858
    published 2017-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104858
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libXcursor (SSA:2017-333-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0246-1.NASL
    description This update for xorg-x11-libs fixes several issues. These security issues were fixed : - CVE-2017-16612: Heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). - CVE-2017-13720: Improper check for end of string in PatternMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-02
    plugin id 106449
    published 2018-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106449
    title SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2018:0246-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3214-1.NASL
    description This update for libXcursor fixes the following issues: Security issue fixed : - CVE-2017-16612: Fix integer overflow while parsing images and a signedness issue while parsing comments (bsc#1065386). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-02
    plugin id 105035
    published 2017-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105035
    title SUSE SLED12 / SLES12 Security Update : libXcursor (SUSE-SU-2017:3214-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4059.NASL
    description It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.
    last seen 2018-09-01
    modified 2018-01-29
    plugin id 105120
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105120
    title Debian DSA-4059-1 : libxcursor - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1003.NASL
    description According to the version of the libXcursor packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-10
    plugin id 106144
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106144
    title EulerOS 2.0 SP1 : libXcursor (EulerOS-SA-2018-1003)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1004.NASL
    description According to the version of the libXcursor packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-10
    plugin id 106145
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106145
    title EulerOS 2.0 SP2 : libXcursor (EulerOS-SA-2018-1004)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DDECDE18E33B11E7A29354E1AD3D6335.NASL
    description The freedesktop.org project reports : It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. The signedness bug is triggered by reading the length of a comment as unsigned int, but casting it to int when calling the function XcursorCommentCreate. Turning length into a negative value allows the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following addition of sizeof (XcursorComment) + 1 makes it possible to allocate less memory than needed for subsequent reads.
    last seen 2018-09-01
    modified 2018-01-31
    plugin id 105339
    published 2017-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105339
    title FreeBSD : libXcursor -- integer overflow that can lead to heap buffer overflow (ddecde18-e33b-11e7-a293-54e1ad3d6335)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-0EED1BE1C0.NASL
    description libXcursor 1.1.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-03-07
    plugin id 107156
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107156
    title Fedora 26 : libXcursor (2018-0eed1be1c0)
refmap via4
confirm
debian DSA-4059
gentoo GLSA-201801-04
misc
mlist
  • [debian-lts-announce] 20171210 [SECURITY] [DLA 1201-1] libxcursor security update
  • [freedesktop-xorg-announce] 20171128 libXcursor 1.1.15
  • [oss-security] 20171128 CVE-2017-16612 libXcursor: heap overflows when parsing malicious files
ubuntu
  • USN-3501-1
  • USN-3622-1
Last major update 01-12-2017 - 12:29
Published 01-12-2017 - 12:29
Last modified 10-04-2018 - 21:29