libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

libXcursor 1.1.15

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libXcursor fixes the following issues :

  - CVE-2017-16612: It is possible to trigger heap overflows     due to an integer overflow while parsing images and a     signedness issue while parsing comments. (boo#1065386)

This update for xorg-x11-libs fixes several issues. These security issues were fixed :

  - CVE-2017-16612: Heap overflows due to an integer     overflow while parsing images and a signedness issue     while parsing comments (bsc#1065386).

  - CVE-2017-13720: Improper check for end of string in     PatterMatch caused invalid reads (bsc#1054285)

  - CVE-2017-13722: Malformed PCF file could have caused DoS     or leak information (bsc#1049692)

  - Prevent the X server from accessing arbitrary files as     root. It is not possible to leak information, but     special files can be touched allowing for causing side     effects (bsc#1050459)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libXcursor packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - libXcursor before 1.1.15 has various integer overflows     that could lead to heap buffer overflows when     processing malicious cursors, e.g., with programs like     GIMP.(CVE-2017-16612)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201801-04 (LibXcursor: User-assisted execution of arbitrary code)

    It was discovered that libXcursor is prone to several heap overflows       when parsing malicious files.
  Impact :

    A remote attacker, by enticing a user to process a specially crafted       cursor file, could possibly execute arbitrary code with the privileges of       the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The freedesktop.org project reports :

It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.

The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads.

The signedness bug is triggered by reading the length of a comment as unsigned int, but casting it to int when calling the function XcursorCommentCreate. Turning length into a negative value allows the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following addition of sizeof (XcursorComment) + 1 makes it possible to allocate less memory than needed for subsequent reads.

It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

For Debian 7 'Wheezy', these problems have been fixed in version 1:1.1.13-1+deb7u2.

We recommend that you upgrade your libxcursor packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libXcursor fixes the following issues: Security issue fixed :

  - CVE-2017-16612: Fix integeroverflow while parsing images     and a signedness issue while parsing comments     (bsc#1065386).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that libxcursor incorrectly handled certain files.
An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New libXcursor packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

ID	Name	Product	Family	Severity
108950	Ubuntu 14.04 LTS / 16.04 LTS : Wayland vulnerability (USN-3622-1)	Nessus	Ubuntu Local Security Checks	high
107157	Fedora 27 : libXcursor (2018-1c5dada34b)	Nessus	Fedora Local Security Checks	high
107156	Fedora 26 : libXcursor (2018-0eed1be1c0)	Nessus	Fedora Local Security Checks	high
106924	openSUSE Security Update : libXcursor (openSUSE-2018-196)	Nessus	SuSE Local Security Checks	high
106449	SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2018:0246-1)	Nessus	SuSE Local Security Checks	high
106145	EulerOS 2.0 SP2 : libXcursor (EulerOS-SA-2018-1004)	Nessus	Huawei Local Security Checks	high
106144	EulerOS 2.0 SP1 : libXcursor (EulerOS-SA-2018-1003)	Nessus	Huawei Local Security Checks	high
105630	GLSA-201801-04 : LibXcursor: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
105339	FreeBSD : libXcursor -- integer overflow that can lead to heap buffer overflow (ddecde18-e33b-11e7-a293-54e1ad3d6335)	Nessus	FreeBSD Local Security Checks	high
105120	Debian DSA-4059-1 : libxcursor - security update	Nessus	Debian Local Security Checks	high
105117	Debian DLA-1201-1 : libxcursor security update	Nessus	Debian Local Security Checks	high
105035	SUSE SLED12 / SLES12 Security Update : libXcursor (SUSE-SU-2017:3214-1)	Nessus	SuSE Local Security Checks	high
104884	Ubuntu 14.04 LTS / 16.04 LTS : libxcursor vulnerability (USN-3501-1)	Nessus	Ubuntu Local Security Checks	high
104858	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libXcursor (SSA:2017-333-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2017-16612

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high