[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#883792: libxcursor: CVE-2017-16612: heap overflows when parsing malicious files

Source: libxcursor
Version: 1:1.1.14-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for libxcursor.

CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
| to heap buffer overflows when processing malicious cursors, e.g., with
| programs like GIMP.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16612
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
[1] 
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8

Regards,
Salvatore
Reply to: