CVE-2017-16612

Debian Bug report logs - #883792 libxcursor: CVE-2017-16612: heap overflows when parsing malicious files Package: src:libxcursor; Maintainer for src:libxcursor is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Dec 2017 15:33:02 UTC Severity: impo ...

Wayland could be made to crash or run programs if it opened a specially crafted file ...

libxcursor could be made to crash or run programs if it opened a specially crafted file ...

It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file For the oldstable distribution (jessie), these problems have been fixed i ...

libXcursor before 1115 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, eg, with programs like GIMP It is also possible that an attack vector exists against the related code in cursor/xcursorc in Wayland through 1140 ...

It was discovered that libxcursor before 1115 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitr ...