GCVE - cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:x:libxcursor:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	X (`a2acdb6f-4f26-543b-8294-d5d6397c9211`)
Product	Libxcursor (`7a617f75-8246-5eee-bba9-7b8d81f58eb8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libxcursor`	purl2cpe	2026-06-01 10:12:31.142827
`pkg:deb/ubuntu/libxcursor`	purl2cpe	2026-06-01 10:12:31.142831
`pkg:github/freedesktop/libxcursor`	purl2cpe	2026-06-01 10:12:31.142834
`pkg:github/freedesktop/xorg-libxcursor`	purl2cpe	2026-06-01 10:12:31.142837
`pkg:github/val-verde/xorg-libxcursor`	purl2cpe	2026-06-01 10:12:31.142839
`pkg:rpm/centos/libxcursor`	purl2cpe	2026-06-01 10:12:31.142842
`pkg:rpm/fedora/libxcursor`	purl2cpe	2026-06-01 10:12:31.142845
`pkg:rpm/opensuse/libxcursor`	purl2cpe	2026-06-01 10:12:31.142848

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-16612`	vulnerable	2026-06-03 14:36:48.192270	Details available libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. Published: 2017-12-01T17:00:00.000Z Updated: 2024-08-05T20:27:04.328Z Open on db.gcve.eu Reference links https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 https://usn.ubuntu.com/3622-1/ http://www.openwall.com/lists/oss-security/2017/11/28/6 https://bugzilla.suse.com/show_bug.cgi?id=1065386 https://security.gentoo.org/glsa/201801-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9262`	vulnerable	2026-06-03 14:35:19.505290	Details available _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. Published: 2018-08-01T23:00:00.000Z Updated: 2024-08-06T08:43:42.565Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:3059 https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05 https://usn.ubuntu.com/3729-1/ https://access.redhat.com/errata/RHSA-2018:3505 https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2003`	vulnerable	2026-06-03 14:32:53.132668	Details available Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. Published: 2013-06-15T20:00:00.000Z Updated: 2024-08-06T15:20:37.452Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/60121 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106791.html http://www.debian.org/security/2013/dsa-2681 http://www.ubuntu.com/usn/USN-1856-1 http://www.openwall.com/lists/oss-security/2013/05/23/3	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.