Description
Security update for icoutils
This update for icoutils to version 0.31.1 fixes the following issues:
- CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756).
- CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756).
- CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756).
- CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756).
Package list
openSUSE Leap 42.2
References
- E-Mail link for openSUSE-SU-2017:0167-1
- SUSE Security Ratings
Description
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
Affected products
References
- CVE-2017-5208
- SUSE Bug 1018756
- SUSE Bug 1019328
Description
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Affected products
References
- CVE-2017-5331
- SUSE Bug 1018756
- SUSE Bug 1019328
Description
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Affected products
References
- CVE-2017-5332
- SUSE Bug 1018756
- SUSE Bug 1019328
Description
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Affected products
References
- CVE-2017-5333
- SUSE Bug 1018756
- SUSE Bug 1019328