Description
Security update for icoutils
This update for icoutils fixes the following issues:
- CVE-2017-6009: Buffer Overflows in wrestool (bsc#1025703)
- CVE-2017-6010, CVE-2017-6011: out-of-bounds read leading to a buffer overflow in the 'simple_vec' function (bsc#1025700)
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2053-1
- SUSE Security Ratings
Description
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
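The bug class described above (a length taken from the file and passed to memcpy without a size check, so that it can go negative) is shown below as an added example. It is not code from icoutils; the record layout (one length byte followed by the name), `ID_MAX` and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ID_MAX 16  /* hypothetical destination size, not taken from icoutils */

/* Unsafe pattern: the length byte is read as a signed value, so 0x80..0xFF
 * turn negative and convert to an enormous size_t when handed to memcpy.
 * This helper only reports the size that would be requested; it never copies. */
static size_t unchecked_copy_size(const unsigned char *rec)
{
    int len = (signed char)rec[0];
    return (size_t)len;
}

/* Checked form: the length is unsigned and validated against both the bytes
 * remaining in the input and the destination capacity before copying. */
static int copy_name_checked(char *dst, size_t dst_size,
                             const unsigned char *rec, size_t rec_size)
{
    if (rec_size < 1 || dst_size < 1)
        return -1;
    size_t len = rec[0];
    if (len > rec_size - 1)   /* name would run past the input buffer */
        return -1;
    if (len > dst_size - 1)   /* name plus NUL would overflow dst */
        return -1;
    memcpy(dst, rec + 1, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample records: [length byte][name bytes...] */
    const unsigned char good[] = { 4, 'I', 'C', 'O', 'N' };
    const unsigned char bad[]  = { 0xF0, 'A', 'B' };   /* length byte lies */
    char id[ID_MAX];

    printf("unchecked size for bad record: %zu\n", unchecked_copy_size(bad));
    printf("good -> %d\n", copy_name_checked(id, sizeof id, good, sizeof good));
    printf("bad  -> %d\n", copy_name_checked(id, sizeof id, bad, sizeof bad));
    return 0;
}
```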
Affected products
References
- CVE-2017-6009
- SUSE Bug 1025703
Description
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
Affected products
References
- CVE-2017-6010
- SUSE Bug 1025700
Description
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
Affected products
References
- CVE-2017-6011
- SUSE Bug 1025700