libXcursor Cursor Processing – Integer Overflow

Authors: Tobias Stoeckmann
Risk: High
CVE: CVE-2017-16612
0day: Integer Overflow
0day-id: 0DAY-16612
Date: 2018-04-16

Description

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
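The bug class described above, as an added example that is not libXcursor or Wayland source code: a pixel-buffer size computed in 32-bit arithmetic from file-supplied dimensions can wrap to a tiny value, and bounding each dimension before multiplying prevents the undersized allocation. All names and the CURSOR_MAX_DIM cap are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed per-dimension cap for this example (not taken from the advisory). */
#define CURSOR_MAX_DIM 0x7fffu

typedef struct {
    uint32_t width, height;
    uint32_t *pixels;            /* width * height 32-bit pixels */
} cursor_image;

/* Unchecked pattern: the byte count is computed modulo 2^32 and can wrap. */
uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Checked pattern: reject out-of-range dimensions before multiplying.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int pixel_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > CURSOR_MAX_DIM || height > CURSOR_MAX_DIM)
        return -1;
    /* 0x7fff * 0x7fff * 4 < 2^32, so this fits even a 32-bit size_t. */
    *out = (size_t)width * height * sizeof(uint32_t);
    return 0;
}

/* Allocate only after the dimensions read from the file are validated. */
cursor_image *cursor_image_create(uint32_t width, uint32_t height)
{
    size_t bytes;
    cursor_image *img;

    if (pixel_bytes_checked(width, height, &bytes) != 0)
        return NULL;
    img = malloc(sizeof *img);
    if (img == NULL)
        return NULL;
    img->pixels = calloc(1, bytes);
    if (img->pixels == NULL) { free(img); return NULL; }
    img->width = width;
    img->height = height;
    return img;
}

void cursor_image_destroy(cursor_image *img) { if (img) { free(img->pixels); free(img); } }
```

With the unchecked computation, a declared size of 0x40000001 by 1 pixels yields a 4-byte buffer, which is how a later copy sized by the declared dimensions ends up writing past the heap allocation.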

Analysis

To exploit this vulnerability, an attacker must have local access to the targeted system or persuade a user on the system to open a malicious image file.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only trusted users to have network access.

Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

Vendor Announcements

freedesktop.org has released a bug report at the following link: Bug 103961

Fixed Software

freedesktop.org has released patches at the following links: libwayland-cursor heap overflow fix and libXcursor – Fix heap overflows when parsing malicious files

Revision History

Version | Description | Section | Date
1 | Initial public release. | | 2018-April-12

 

Affected Products

The security vulnerability applies to the following combinations of products. 

Primary Products
freedesktop.org libXcursor .1 (Base) | 1.1 (.0, .7, .8, .9, .10, .11, .12, .13, .14)
Associated Products
freedesktop.org wayland 0.95 (.0) | 1.0 (.0) | 1.1 (.0) | 1.2 (.0) | 1.3 (.0) | 1.4 (.0) | 1.5 (.0) | 1.6 (.0) | 1.7 (.0) | 1.8 (.0) | 1.9 (.0) | 1.10 (.0) | 1.11 (.0) | 1.12 (.0) | 1.13 (.0) | 1.14 (.0)
