CVE-2017-5332: Buffer Overflow

First published: Wed Jan 11 2017(Updated: )

A vulnerability was found in icoutils in extract.c. It is possible to access unallocated memory via wrestool while parsing maliciously crafted file which would make the application crash or possibly allow code execution. References: <a href="http://seclists.org/oss-sec/2017/q1/56">http://seclists.org/oss-sec/2017/q1/56</a> Upstream patch: <a href="http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a">http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a</a>

Credit: security@debian.org

Affected Software	Affected Version	How to fix
redhat/icoutils	<0.31.1	0.31.1
Icoutils Project Icoutils	<0.31.1
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Eus	=7.3
Redhat Enterprise Linux Server Eus	=7.4
Redhat Enterprise Linux Server Eus	=7.5
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Eus	=7.7
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=7.0
Canonical Ubuntu Linux	=12.04
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
openSUSE Leap	=42.1
openSUSE Leap	=42.2
openSUSE openSUSE	=13.2

Never miss a vulnerability like this again

Reference Links

agent/type
agent/first-publish-date
agent/severity
agent/references
agent/remedy
agent/author
agent/weakness
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-5332
agent/software-canonical-lookup
agent/tags
agent/event
vendor/icoutils project
canonical/icoutils project icoutils
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
version/redhat enterprise linux server eus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/42.1
version/opensuse leap/42.2
canonical/opensuse opensuse
version/opensuse opensuse/13.2
package-manager/redhat

CVE-2017-5332: Buffer Overflow

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact