CVE-2017-16612 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-532	lib32-libxcursor	1.1.14-1	1.1.15-1	High	Fixed
AVG-531	libxcursor	1.1.14-1	1.1.15-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
30 Nov 2017	ASA-201711-42	AVG-532	lib32-libxcursor	High	arbitrary code execution
30 Nov 2017	ASA-201711-41	AVG-531	libxcursor	High	arbitrary code execution

References
http://openwall.com/lists/oss-security/2017/11/28/6 https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2

References

http://openwall.com/lists/oss-security/2017/11/28/6
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2