CVE-2017-6009

CWE-119Buffer OverflowCWE-190Integer OverflowCWE-122Heap-based Buffer Overflow12 documents8 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Debian Debian LinuxIcoutils Project IcoutilsRedhat Enterprise Linux Desktop+5 more
Timeline
PublishedFeb 16
Latest updateMay 14

Description

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

Debianicoutils< 0.31.2-1+3

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5

🔴Vulnerability Details

4
GHSA
GHSA-82cf-r7f2-jqcr: An issue was discovered in icoutils 02022-05-14
OSV
icoutils vulnerabilities2021-01-18
CVEList
CVE-2017-6009: An issue was discovered in icoutils 02017-02-16
OSV
CVE-2017-6009: An issue was discovered in icoutils 02017-02-16

📋Vendor Advisories

4
Ubuntu
icoutils vulnerabilities2021-01-18
Ubuntu
icoutils vulnerabilities2017-03-13
Red Hat
icoutils: Buffer overflow in the decode_ne_resource_id function2017-02-03
Debian
CVE-2017-6009: icoutils - An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in th...2017

💬Community

3
Bugzilla
CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 icoutils: various flaws [epel-6]2017-03-09
Bugzilla
CVE-2017-6009 icoutils: Buffer overflow in the decode_ne_resource_id function2017-02-16
Bugzilla
CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 icoutils: various flaws [fedora-all]2017-02-16
CVE-2017-6009 (MEDIUM CVSS 5.5) | An issue was discovered in icoutils | cvebase.io