CVE-2017-16612

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Ссылки

http://security.cucumberlinux.com/security/details.php?id=156
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/28/6
Mailing List
Third Party Advisory
http://www.ubuntu.com/usn/USN-3501-1
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1065386
Issue Tracking
Tool Signature
VDB Entry
https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
Third Party Advisory
https://security.gentoo.org/glsa/201801-04
https://usn.ubuntu.com/3622-1/
https://www.debian.org/security/2017/dsa-4059
Third Party Advisory
http://security.cucumberlinux.com/security/details.php?id=156
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/28/6
Mailing List
Third Party Advisory
http://www.ubuntu.com/usn/USN-3501-1
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1065386
Issue Tracking
Tool Signature
VDB Entry
https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*

Версия до 1.1.14 (включая)

EPSS

Процентиль: 87%

0.03557

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2017-16612

CVSS3: 7.5

ubuntu

около 8 лет назад

CVE-2017-16612

CVSS3: 7.8

redhat

около 8 лет назад

CVE-2017-16612

CVSS3: 7.5

debian

около 8 лет назад

libXcursor before 1.1.15 has various integer overflows that could lead ...

openSUSE-SU-2018:0504-1

suse-cvrf

почти 8 лет назад

Security update for libXcursor

SUSE-SU-2017:3214-1

suse-cvrf

около 8 лет назад

Security update for libXcursor

EPSS

Процентиль: 87%

0.03557

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190