Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| icoutils_project | icoutils | * |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_desktop | 7.0 |
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| icoutils_project | icoutils | * |
| opensuse | opensuse | 13.2 |
| opensuse | leap | 42.2 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 42.1 |
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| icoutils_project | icoutils | * |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| opensuse | leap | 42.2 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 42.1 |
| redhat | enterprise_linux_desktop | 7.0 |
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| icoutils_project | icoutils | * |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| opensuse | leap | 42.2 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 42.1 |
| redhat | enterprise_linux_desktop | 7.0 |
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| icoutils_project | icoutils | 0.31.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_desktop | 7.0 |
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| icoutils_project | icoutils | 0.31.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_desktop | 7.0 |
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| icoutils_project | icoutils | 0.31.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_desktop | 7.0 |