CVE-2015-9262

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
8.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
xlibxcursor
𝑥
< 1.1.15
redhatansible_tower
3.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxcursor
bookworm
1:1.2.1-1
fixed
bullseye
1:1.2.0-2
fixed
sid
1:1.2.2-1
fixed
trixie
1:1.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxcursor
bionic
not-affected
trusty
Fixed 1:1.1.14-1ubuntu0.14.04.2
released
xenial
Fixed 1:1.1.14-1ubuntu0.16.04.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libXcursor1
suse enterprise sap 12 SP3
1.1.14-4.6.1
fixed
suse enterprise sap 12 SP5
1.1.14-4.6.1
fixed
suse enterprise server 12 SP3
1.1.14-4.6.1
fixed
suse enterprise server 12 SP4
1.1.14-4.6.1
fixed
suse enterprise server 12 SP5
1.1.14-4.6.1
fixed
libXcursor1-32bit
suse enterprise sap 12 SP3
1.1.14-4.6.1
fixed
suse enterprise sap 12 SP5
1.1.14-4.6.1
fixed
suse enterprise server 12 SP3
1.1.14-4.6.1
fixed
suse enterprise server 12 SP4
1.1.14-4.6.1
fixed
suse enterprise server 12 SP5
1.1.14-4.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
drm-utils
RHEL 7
0:2.4.91-3.el7
fixed
egl-utils
RHEL 7
0:8.3.0-10.el7
fixed
freeglut
RHEL 7
0:3.0.0-8.el7
fixed
freeglut-devel
RHEL 7
0:3.0.0-8.el7
fixed
glx-utils
RHEL 7
0:8.3.0-10.el7
fixed
intel-gpu-tools
RHEL 7
0:2.99.917-28.20180530.el7
fixed
libX11
RHEL 7
0:1.6.5-2.el7
fixed
libX11-common
RHEL 7
0:1.6.5-2.el7
fixed
libX11-devel
RHEL 7
0:1.6.5-2.el7
fixed
libXcursor
RHEL 7
0:1.1.15-1.el7
fixed
libXcursor-devel
RHEL 7
0:1.1.15-1.el7
fixed
libXfont
RHEL 7
0:1.5.4-1.el7
fixed
libXfont-devel
RHEL 7
0:1.5.4-1.el7
fixed
libXfont2
RHEL 7
0:2.0.3-1.el7
fixed
libXfont2-devel
RHEL 7
0:2.0.3-1.el7
fixed
libXres
RHEL 7
0:1.2.0-1.el7
fixed
libXres-devel
RHEL 7
0:1.2.0-1.el7
fixed
libdrm
RHEL 7
0:2.4.91-3.el7
fixed
libdrm-devel
RHEL 7
0:2.4.91-3.el7
fixed
libepoxy
RHEL 7
0:1.5.2-1.el7
fixed
libepoxy-devel
RHEL 7
0:1.5.2-1.el7
fixed
libglvnd
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-core-devel
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-devel
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-egl
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-gles
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-glx
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libglvnd-opengl
RHEL 7
1:1.0.1-0.8.git5baa1e5.el7
fixed
libinput
RHEL 7
0:1.10.7-2.el7
fixed
libinput-devel
RHEL 7
0:1.10.7-2.el7
fixed
libwacom
RHEL 7
0:0.30-1.el7
fixed
libwacom-data
RHEL 7
0:0.30-1.el7
fixed
libwacom-devel
RHEL 7
0:0.30-1.el7
fixed
libxcb
RHEL 7
0:1.13-1.el7
fixed
libxcb-devel
RHEL 7
0:1.13-1.el7
fixed
libxcb-doc
RHEL 7
0:1.13-1.el7
fixed
mesa-demos
RHEL 7
0:8.3.0-10.el7
fixed
mesa-dri-drivers
RHEL 7
0:18.0.5-3.el7
fixed
mesa-filesystem
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libEGL
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libEGL-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libGL
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libGL-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libGLES
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libGLES-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libOSMesa
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libOSMesa-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libgbm
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libgbm-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libglapi
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libwayland-egl
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libwayland-egl-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libxatracker
RHEL 7
0:18.0.5-3.el7
fixed
mesa-libxatracker-devel
RHEL 7
0:18.0.5-3.el7
fixed
mesa-vdpau-drivers
RHEL 7
0:18.0.5-3.el7
fixed
mesa-vulkan-drivers
RHEL 7
0:18.0.5-3.el7
fixed
tigervnc
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-icons
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-license
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-server
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-server-applet
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-server-minimal
RHEL 7
0:1.8.0-13.el7
fixed
tigervnc-server-module
RHEL 7
0:1.8.0-13.el7
fixed
vulkan
RHEL 7
0:1.1.73.0-1.el7
fixed
vulkan-devel
RHEL 7
0:1.1.73.0-1.el7
fixed
vulkan-filesystem
RHEL 7
0:1.1.73.0-1.el7
fixed
xcb-proto
RHEL 7
0:1.13-1.el7
fixed
xkeyboard-config
RHEL 7
0:2.24-1.el7
fixed
xkeyboard-config-devel
RHEL 7
0:2.24-1.el7
fixed
xorg-x11-drv-ati
RHEL 7
0:18.0.1-1.el7
fixed
xorg-x11-drv-dummy
RHEL 7
0:0.3.7-1.el7.1
fixed
xorg-x11-drv-evdev
RHEL 7
0:2.10.6-1.el7
fixed
xorg-x11-drv-evdev-devel
RHEL 7
0:2.10.6-1.el7
fixed
xorg-x11-drv-fbdev
RHEL 7
0:0.5.0-1.el7
fixed
xorg-x11-drv-intel
RHEL 7
0:2.99.917-28.20180530.el7
fixed
xorg-x11-drv-intel-devel
RHEL 7
0:2.99.917-28.20180530.el7
fixed
xorg-x11-drv-libinput
RHEL 7
0:0.27.1-2.el7
fixed
xorg-x11-drv-libinput-devel
RHEL 7
0:0.27.1-2.el7
fixed
xorg-x11-drv-mouse
RHEL 7
0:1.9.2-2.el7
fixed
xorg-x11-drv-mouse-devel
RHEL 7
0:1.9.2-2.el7
fixed
xorg-x11-drv-nouveau
RHEL 7
1:1.0.15-1.el7
fixed
xorg-x11-drv-openchrome
RHEL 7
0:0.5.0-3.el7.1
fixed
xorg-x11-drv-openchrome-devel
RHEL 7
0:0.5.0-3.el7.1
fixed
xorg-x11-drv-qxl
RHEL 7
0:0.1.5-4.el7.1
fixed
xorg-x11-drv-synaptics
RHEL 7
0:1.9.0-2.el7
fixed
xorg-x11-drv-synaptics-devel
RHEL 7
0:1.9.0-2.el7
fixed
xorg-x11-drv-v4l
RHEL 7
0:0.2.0-49.el7
fixed
xorg-x11-drv-vesa
RHEL 7
0:2.4.0-1.el7
fixed
xorg-x11-drv-vmmouse
RHEL 7
0:13.1.0-1.el7.1
fixed
xorg-x11-drv-vmware
RHEL 7
0:13.2.1-1.el7.1
fixed
xorg-x11-drv-void
RHEL 7
0:1.4.1-2.el7.1
fixed
xorg-x11-drv-wacom
RHEL 7
0:0.36.1-1.el7
fixed
xorg-x11-drv-wacom-devel
RHEL 7
0:0.36.1-1.el7
fixed
xorg-x11-font-utils
RHEL 7
1:7.5-21.el7
fixed
xorg-x11-proto-devel
RHEL 7
0:2018.4-1.el7
fixed
xorg-x11-server-Xdmx
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-Xephyr
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-Xnest
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-Xorg
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-Xspice
RHEL 7
0:0.1.5-4.el7.1
fixed
xorg-x11-server-Xvfb
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-Xwayland
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-common
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-devel
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-server-source
RHEL 7
0:1.20.1-3.el7
fixed
xorg-x11-utils
RHEL 7
0:7.5-23.el7
fixed
xorg-x11-xkb-extras
RHEL 7
0:7.7-14.el7
fixed
xorg-x11-xkb-utils
RHEL 7
0:7.7-14.el7
fixed
xorg-x11-xkb-utils-devel
RHEL 7
0:7.7-14.el7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libXcursor
Amazon Linux 1
0:1.1.14-2.1.10.amzn1
fixed
Amazon Linux 2
0:1.1.15-1.amzn2
fixed
libXcursor-debuginfo
Amazon Linux 1
0:1.1.14-2.1.10.amzn1
fixed
Amazon Linux 2
0:1.1.15-1.amzn2
fixed
libXcursor-devel
Amazon Linux 1
0:1.1.14-2.1.10.amzn1
fixed
Amazon Linux 2
0:1.1.15-1.amzn2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3059
https://access.redhat.com/errata/RHSA-2018:3505
https://bugs.freedesktop.org/show_bug.cgi?id=90857
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html
https://usn.ubuntu.com/3729-1/
https://access.redhat.com/errata/RHSA-2018:3059
https://access.redhat.com/errata/RHSA-2018:3505
https://bugs.freedesktop.org/show_bug.cgi?id=90857
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html
https://usn.ubuntu.com/3729-1/