CVE-2017-5208: Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted…

CVE-2017-5208 [HIGH] CWE-190 GHSA-3v6p-5m88-xqx6: Integer overflow in the wrestool program in icoutils before 0 Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

CVE-2017-5208 [HIGH] icoutils vulnerabilities icoutils vulnerabilities Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5208) It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2017-6009, CVE-2017-6010) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. (CVE-2017-6011)

CVE-2017-5208 [HIGH] CVE-2017-5208: Integer overflow in the wrestool program in icoutils before 0 Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

CVE-2017-5332 [HIGH] icoutils vulnerabilities Title: icoutils vulnerabilities Summary: Several security issues were fixed in icoutils. Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5208) It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2017-6009, CVE-2017-6010) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue

CVE-2017-5208 icoutils vulnerabilities Title: icoutils vulnerabilities Summary: icoutils could be made to crash or run programs as your login if it opened a specially crafted file. It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2017-5208 [HIGH] CWE-190 icoutils: Check_offset overflow on 64-bit systems icoutils: Check_offset overflow on 64-bit systems Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution.

CVE-2017-5331 [HIGH] CWE-190 icoutils: Check_offset overflow on 64-bit systems icoutils: Check_offset overflow on 64-bit systems Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. Statement: This issue did not affect the versions of icoutils as shipped with Red Hat Enterprise Linux 7 as they did not backport the vulnerable patches provided to fix a previous flaw (CVE-2017-5208). Package: icoutils (Red Hat Enterprise Linux 7) - Not affected

CVE-2017-5208 [HIGH] CVE-2017-5208: icoutils - Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote... Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. Scope: local bookworm: resolved (fixed in 0.31.0-4) bullseye: resolved (fixed in 0.31.0-4) forky: resolved (fixed in 0.31.0-4) sid: resolved (fixed in 0.31.0-4) trixie: resolved (fixed in 0.31.0-4)

CVE-2017-14955 [MEDIUM] CVE-2017-14955 check-mk: Mishandles certain errors within the failed-login save feature because of a race condition CVE-2017-14955 check-mk: Mishandles certain errors within the failed-login save feature because of a race condition Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. External References: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208 Discussion: Created check-mk tracking bugs for this issue: Affects: epel-all [bug 1497972] Affects: fedora-all [bug 1497973] --- Upstream Fix: http://git.mathias-kettner.de/git/?p=check_mk.git;a=patch;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54 --- Statement: Red Hat Gluster Storage 3 is not affected because affected code is not shipped in the product. Affected code is presen

CVE-2017-5331 [HIGH] CVE-2017-5331 icoutils: Check_offset overflow on 64-bit systems CVE-2017-5331 icoutils: Check_offset overflow on 64-bit systems An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly allow code execution. This is a CVE for an insufficient patch for CVE-2017-5208. References: http://seclists.org/oss-sec/2017/q1/56 Upstream patch: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 Discussion: Statement: This issue did not affect the versions of icoutils as shipped with Red Hat Enterprise Linux 7 as they did not backport the vulnerable patches provided to fix a previous flaw (CVE-2017-5208). --- Created icoutils tracking bugs for this issue: Affects: fedora-all [bug 1412265] Affects: epel-6 [bug 141226

CVE-2017-5208 [HIGH] CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems [fedora-all] CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of F

CVE-2017-5208 [HIGH] CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems [epel-6] CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems [epel-6] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Disc

CVE-2017-5208 [HIGH] CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly allow code execution. References: http://seclists.org/oss-sec/2017/q1/38 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 Upstream patches: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173 http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 Discussion: Created icoutils tracking bugs for this issue: Affects: fedora-all [bug 1411252] Affects: epel-6 [bug 1411253] --- As noted in comment 0, the patch for CVE-5208-5331 (bug 1412248) must be included to correctly address