[Secure-testing-team] Bug#883792: libxcursor: CVE-2017-16612: heap overflows when parsing malicious files
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 7 15:30:09 UTC 2017
Source: libxcursor
Version: 1:1.1.14-1
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for libxcursor.
CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
| to heap buffer overflows when processing malicious cursors, e.g., with
| programs like GIMP.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-16612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
[1]
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
Regards,
Salvatore
More information about the Secure-testing-team
mailing list