libxcursor.so is vulnerable to heap overflows. The library doesn’t properly terminate the null character in strings, causing a one-byte heap overflow that can crash the application or execute arbitrary code.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3059
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1259757
bugzilla.redhat.com/show_bug.cgi?id=1428340
bugzilla.redhat.com/show_bug.cgi?id=1496253
bugzilla.redhat.com/show_bug.cgi?id=1538756
bugzilla.redhat.com/show_bug.cgi?id=1564061
bugzilla.redhat.com/show_bug.cgi?id=1566101
bugzilla.redhat.com/show_bug.cgi?id=1570839
bugzilla.redhat.com/show_bug.cgi?id=1584740
bugzilla.redhat.com/show_bug.cgi?id=1592607
bugzilla.redhat.com/show_bug.cgi?id=1601742
bugzilla.redhat.com/show_bug.cgi?id=1601880
bugzilla.redhat.com/show_bug.cgi?id=1601960
bugzilla.redhat.com/show_bug.cgi?id=1602855
bugzilla.redhat.com/show_bug.cgi?id=1605325
bugzilla.redhat.com/show_bug.cgi?id=1613264
bugzilla.redhat.com/show_bug.cgi?id=1631880