Severity High
Remote Yes
Type Arbitrary code execution
It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.
Group Package Affected Fixed Severity Status Ticket
AVG-532 lib32-libxcursor 1.1.14-1 1.1.15-1 High Fixed
AVG-531 libxcursor 1.1.14-1 1.1.15-1 High Fixed
Date Advisory Group Package Severity Description
30 Nov 2017 ASA-201711-42 AVG-532 lib32-libxcursor High arbitrary code execution
30 Nov 2017 ASA-201711-41 AVG-531 libxcursor High arbitrary code execution