Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libxfixes | X | * | 5.0 (including) |
| Libxfixes | X | 4.0 (including) | 4.0 (including) |
| Libxfixes | X | 4.0.1 (including) | 4.0.1 (including) |
| Libxfixes | X | 4.0.2 (including) | 4.0.2 (including) |
| Libxfixes | X | 4.0.3 (including) | 4.0.3 (including) |
| Libxfixes | X | 4.0.4 (including) | 4.0.4 (including) |
| Libxfixes | X | 4.0.5 (including) | 4.0.5 (including) |