CVE-2017-16612

Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-532 | lib32-libxcursor | 1.1.14-1 | 1.1.15-1 | High | Fixed | |
| AVG-531 | libxcursor | 1.1.14-1 | 1.1.15-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 30 Nov 2017 | ASA-201711-42 | AVG-532 | lib32-libxcursor | High | arbitrary code execution |
| 30 Nov 2017 | ASA-201711-41 | AVG-531 | libxcursor | High | arbitrary code execution |
References
http://openwall.com/lists/oss-security/2017/11/28/6
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2