[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.4] libxcursor: heap overflows when parsing malicious files (CVE-2017-16612)

ID: oval:org.secpod.oval:def:1800148Date: (C)2018-03-28   (M)2022-08-31
Class: PATCHFamily: unix




It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. Fixed In Version: libXcursor 1.1.15

Platform:
Alpine Linux 3.4
Product:
libxcursor
Reference:
8230
CVE-2017-16612
CVE    1
CVE-2017-16612
CPE    3
cpe:/a:x:libxcursor
cpe:/o:alpinelinux:alpine_linux:3.4
cpe:/a:x:libxcursor:1.1.14

© SecPod Technologies