#VU9517 Integer overflow in libXcursor - CVE-2017-16612
Published: November 30, 2017 / Updated: December 1, 2017
Vulnerability identifier: #VU9517
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-16612
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
libXcursor
libXcursor
Software vendor:
X.org
X.org
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing malicious cursors in libXcursor library. A remote attacker can use a specially crafted cursor to trigger heap-based buffer overflow and execute arbitrary code on the target system via the application, which uses the vulnerable library, such as GIMP.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Update to version 1.1.15.