CVE-2015-9262

Published: Aug 1, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

Affected (8)

Products: Debian: Debian Linux · Canonical: Ubuntu Linux · X: Libxcursor · +1 more

Show all products

Debian: Debian Linux · Canonical: Ubuntu Linux · X: Libxcursor · Redhat: Ansible Tower, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
X Libxcursor	Before 1.1.15

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible Tower	Version 3.3
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

https://access.redhat.com/errata/RHSA-2018:3059

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3505

Source: cve@mitre.org

Third Party Advisory

https://bugs.freedesktop.org/show_bug.cgi?id=90857

Source: cve@mitre.org

PatchThird Party Advisory

https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3729-1/

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3059

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3505

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.freedesktop.org/show_bug.cgi?id=90857

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3729-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.