Lucene search

[email protected]CVE-2017-16612

HistoryDec 01, 2017 - 5:29 p.m.

CVE-2017-16612

2017-12-0117:29:00

CWE-190

[email protected]

web.nvd.nist.gov

145

libxcursor

integer overflows

heap buffer overflows

nvd

security vulnerability

cve-2017-16612

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.04

canonicalubuntu_linuxMatch17.10

Node

xlibxcursorRange≤1.1.14

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq9.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	9.0

References

security.cucumberlinux.com/security/details.php?id=156

www.openwall.com/lists/oss-security/2017/11/28/6

www.ubuntu.com/usn/USN-3501-1

bugzilla.suse.com/show_bug.cgi?id=1065386

cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38

cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8

lists.debian.org/debian-lts-announce/2017/12/msg00002.html

lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html

marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2

security.gentoo.org/glsa/201801-04

usn.ubuntu.com/3622-1/

www.debian.org/security/2017/dsa-4059

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Related for CVE-2017-16612

nessus20 gentoo1 ubuntucve1 osv3 archlinux2 openvas12 debiancve1 veracode1 alpinelinux1 freebsd1 slackware1 prion1 nvd1 cloudfoundry2 ubuntu2 debian2 fedora2 mageia1 redhatcve1 cvelist1 ibm1