Authors: Tobias Stoeckmann
Risk: High
CVE: CVE-2017-16612
0day: Integer Overflow
0day-id: 0DAY-16612
Date: 2018-04-16
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to allow only trusted users to have network access.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Administrators are advised to monitor affected systems.
freedesktop.org has released a bug report at the following link: Bug 103961
freedesktop.org has released patches at the following links: libwayland-cursor heap overflow fix and libXcursor – Fix heap overflows when parsing malicious files
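The bug class named in the summary (an integer overflow in a size computation that leads to a heap buffer overflow) is shown below as an added example. It is not code from libXcursor, Wayland or their patches; the function names and the `CURSOR_MAX_DIM` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-dimension limit for this example (not taken from the advisory). */
#define CURSOR_MAX_DIM 0x7fffu

/* Unchecked form: the byte count for width*height 32-bit pixels is computed
 * in 32 bits, so header values read from a file can make it wrap. */
uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height)
{
    return (uint32_t)(width * height * 4u);
}

/* Checked form: validate the header fields before any arithmetic.
 * Returns 0 and stores the byte count in *out, or -1 to reject the image. */
int pixel_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > CURSOR_MAX_DIM || height > CURSOR_MAX_DIM)
        return -1;
    /* With both dimensions bounded, the product is at most 0xFFFC0004,
     * which fits even in a 32-bit size_t. */
    *out = (size_t)((uint64_t)width * height * 4u);
    return 0;
}

/* Allocate the pixel buffer only after the header has been validated. */
uint32_t *alloc_pixels(uint32_t width, uint32_t height)
{
    size_t n;
    if (pixel_bytes_checked(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 0x4001 * 0x10000 pixels. */
    uint32_t w = 0x4001u, h = 0x10000u;
    size_t n = 0;
    printf("unchecked size: %u bytes for %llu pixels\n",
           (unsigned)pixel_bytes_unchecked(w, h), (unsigned long long)w * h);
    printf("checked: %s\n", pixel_bytes_checked(w, h, &n) ? "rejected" : "ok");
    return 0;
}
```

With the unchecked computation, a loop that then copies `width * height` pixels from the file writes far past the undersized allocation; the checked form rejects the header before allocating.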
| 1 | Initial public release. | — | 2018-April-12 |
The security vulnerability applies to the following combinations of products.
| freedesktop.org | libXcursor | .1 (Base); 1.1 (.0, .7, .8, .9, .10, .11, .12, .13, .14) |
| freedesktop.org | wayland | 0.95 (.0); 1.0 (.0); 1.1 (.0); 1.2 (.0); 1.3 (.0); 1.4 (.0); 1.5 (.0); 1.6 (.0); 1.7 (.0); 1.8 (.0); 1.9 (.0); 1.10 (.0); 1.11 (.0); 1.12 (.0); 1.13 (.0); 1.14 (.0) |