icoutils-0.31.3-1.el7
Errata ID: AXSA:2017-1531:01
The icoutils are a set of programs for extracting and converting images in
Microsoft Windows icon and cursor files. These files usually have the
extension .ico or .cur, but they can also be embedded in executables or
libraries.
Security issues fixed with this release:
CVE-2017-5208
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-5332
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-5333
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-6009
An issue was discovered in icoutils 0.31.1. A buffer overflow was
observed in the "decode_ne_resource_id" function in the "restable.c"
source file. This is happening because the "len" parameter for memcpy
is not checked for size and thus becomes a negative integer in the
process, resulting in a failed memcpy. This affects wrestool.
CVE-2017-6010
An issue was discovered in icoutils 0.31.1. A buffer overflow was
observed in the "extract_icons" function in the "extract.c" source
file. This issue can be triggered by processing a corrupted ico file
and will result in an icotool crash.
CVE-2017-6011
An issue was discovered in icoutils 0.31.1. An out-of-bounds read
leading to a buffer overflow was observed in the "simple_vec" function
in the "extract.c" source file. This affects icotool.
Update package.
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
SRPMS
- icoutils-0.31.3-1.el7.src.rpm
MD5: 0c38d65f007e5137487cc989f42ad38b
SHA-256: d6d8a103301487ea6f2ab693340ec5f536b13ff478d5f2210aee74949cce52f3
Size: 584.40 kB
Asianux Server 7 for x86_64
- icoutils-0.31.3-1.el7.x86_64.rpm
MD5: b50b7c8f11a4890e1091f6f1c5deb424
SHA-256: b0221e9ef49cce850db3f581b756c6f0e9120026908d5f2e3433980cbd50c772
Size: 81.63 kB