UBUNTU-CVE-2017-16612

Source
https://ubuntu.com/security/CVE-2017-16612
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-16612.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-16612
Related
Published
2017-11-28T00:00:00Z
Modified
2017-11-28T00:00:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

References

Affected packages

Ubuntu:14.04:LTS / libxcursor

Package

Name
libxcursor
Purl
pkg:deb/ubuntu/libxcursor?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.1.14-1ubuntu0.14.04.1

Affected versions

1:1.*

1:1.1.14-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor-dev"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor-dev-dbgsym"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor1"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor1-dbg"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor1-dbgsym"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor1-udeb"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.14.04.1",
            "binary_name": "libxcursor1-udeb-dbgsym"
        }
    ]
}

Ubuntu:14.04:LTS / wayland

Package

Name
wayland
Purl
pkg:deb/ubuntu/wayland?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0-1ubuntu1.1

Affected versions

1.*

1.1.0-2ubuntu3
1.3.0-1
1.3.92-1
1.4.0-1
1.4.0-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-client0"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-client0-dbg"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-client0-dbgsym"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-cursor0"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-cursor0-dbg"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-cursor0-dbgsym"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-dev"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-dev-dbgsym"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-server0"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-server0-dbg"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland-server0-dbgsym"
        },
        {
            "binary_version": "1.4.0-1ubuntu1.1",
            "binary_name": "libwayland0"
        }
    ]
}

Ubuntu:16.04:LTS / libxcursor

Package

Name
libxcursor
Purl
pkg:deb/ubuntu/libxcursor?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.1.14-1ubuntu0.16.04.1

Affected versions

1:1.*

1:1.1.14-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor-dev"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor-dev-dbgsym"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor1"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor1-dbg"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor1-dbgsym"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor1-udeb"
        },
        {
            "binary_version": "1:1.1.14-1ubuntu0.16.04.1",
            "binary_name": "libxcursor1-udeb-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / wayland

Package

Name
wayland
Purl
pkg:deb/ubuntu/wayland?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.0-1~ubuntu16.04.3

Affected versions

1.*

1.8.1-1
1.9.0-1
1.12.0-1~ubuntu16.04.1
1.12.0-1~ubuntu16.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-bin"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-bin-dbgsym"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-client0"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-client0-dbgsym"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-cursor0"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-cursor0-dbgsym"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-dev"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-doc"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-server0"
        },
        {
            "binary_version": "1.12.0-1~ubuntu16.04.3",
            "binary_name": "libwayland-server0-dbgsym"
        }
    ]
}