CVE-2017-16612

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16612

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16612.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16612

Related

Published

2017-12-01T17:29:00Z

Modified

2024-12-05T15:18:43.953662Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

References

Affected packages

Alpine:v3.10 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.11 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.12 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.13 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.14 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.15 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.16 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.17 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.18 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.19 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.20 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.21 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.4 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

Alpine:v3.5 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

Alpine:v3.6 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

Alpine:v3.7 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.8 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Alpine:v3.9 / libxcursor

Package

Name: libxcursor
Purl: pkg:apk/alpine/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.15-r0

Affected versions

1.*

1.1.9-r0

1.1.10-r0

1.1.10-r1

1.1.10-r2

1.1.10-r3

1.1.10-r4

1.1.11-r0

1.1.11-r1

1.1.11-r2

1.1.12-r0

1.1.13-r0

1.1.13-r1

1.1.14-r1

1.1.14-r2

Debian:11 / libxcursor

Package

Name: libxcursor
Purl: pkg:deb/debian/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.1.14-3.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libxcursor

Package

Name: libxcursor
Purl: pkg:deb/debian/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.1.14-3.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libxcursor

Package

Name: libxcursor
Purl: pkg:deb/debian/libxcursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.1.14-3.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/xorg/lib/libXcursor

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/xorg/lib/libXcursor
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f92f118047ee8cea7dbbc734d476225f033ba0b7

Affected versions

Other

MODULAR_COPY

XACE-SELINUX-MERGE

XORG-6_7_99_1

XORG-6_7_99_2

XORG-6_7_99_901

XORG-6_7_99_902

XORG-6_7_99_903

XORG-6_7_99_904

XORG-6_8_0

XORG-6_8_1

XORG-6_8_1_901

XORG-6_8_1_902

XORG-6_8_1_903

XORG-6_8_1_904

XORG-6_8_2

XORG-6_8_99_1

XORG-6_8_99_10

XORG-6_8_99_11

XORG-6_8_99_12

XORG-6_8_99_13

XORG-6_8_99_14

XORG-6_8_99_15

XORG-6_8_99_16

XORG-6_8_99_2

XORG-6_8_99_3

XORG-6_8_99_4

XORG-6_8_99_5

XORG-6_8_99_6

XORG-6_8_99_7

XORG-6_8_99_8

XORG-6_8_99_9

XORG-6_8_99_900

XORG-6_8_99_901

XORG-6_8_99_902

XORG-6_8_99_903

XORG-6_99_99_900

XORG-6_99_99_901

XORG-6_99_99_902

XORG-6_99_99_903

XORG-6_99_99_904

XORG-7_0

XORG-7_0_99_901

XORG-7_1

lg3d-base

lg3d-rel-0-6-2

lg3d-rel-0-7-0

libXcursor-1_1_6

rel-0-6-1

sco_port_update-base

xcursor-1_1_7

xf86-012804-2330

xf86-4_3_0_1

xf86-4_3_99_16

xf86-4_3_99_901

xf86-4_3_99_902

xf86-4_3_99_903

xf86-4_3_99_903_special

xf86-4_4_0

xf86-4_4_99_1

libXcursor-1.*

libXcursor-1.1.10

libXcursor-1.1.11

libXcursor-1.1.12

libXcursor-1.1.13

libXcursor-1.1.14

libXcursor-1.1.8

libXcursor-1.1.9