CVE-2017-5332: The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	icoutils	< icoutils 0.31.1-1 (bookworm)	icoutils 0.31.1-1 (bookworm)
debian	icoutils	—	—
icoutils_project	icoutils	< 0.31.1	0.31.1
icoutils_project	icoutils	>= 0 < 0.31.1-1	0.31.1-1
icoutils_project	icoutils	>= 0 < 0.31.1-1	0.31.1-1
icoutils_project	icoutils	>= 0 < 0.31.1-1	0.31.1-1
icoutils_project	icoutils	>= 0 < 0.31.1-1	0.31.1-1
icoutils_project	icoutils	>= 0 < 0.31.0-3ubuntu0.1	0.31.0-3ubuntu0.1
opensuse	leap	—	—
opensuse	leap	—	—
opensuse	opensuse	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH