CVE-2017-16612
libxcursor - security update
7.5
HIGH
CVSS 3.1
EPSS 3.7%
Description
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
How to fix CVE-2017-16612
To remediate CVE-2017-16612, upgrade the affected package to a fixed version below.
- —upgrade to 1.1.15-r0 or later
- —upgrade to 1:1.1.14-3.1 or later
- —upgrade to 1:1.1.13-1+deb7u2 or later
- —upgrade to 1:1.1.14-1+deb8u1 or later
- —upgrade to 1.14.0-2 or later
Is CVE-2017-16612 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 1.1.15-r0
- from 0, < 1:1.1.14-3.1
- from 0, < 1:1.1.13-1+deb7u2
- from 0, < 1:1.1.14-1+deb8u1
- from 0, < 1.14.0-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |