CVE-2017-6009 — Debian Icoutils vulnerability

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	icoutils	< icoutils 0.31.2-1 (bookworm)	icoutils 0.31.2-1 (bookworm)
icoutils_project	icoutils	—	—
icoutils_project	icoutils	>= 0 < 0.31.2-1	0.31.2-1
icoutils_project	icoutils	>= 0 < 0.31.2-1	0.31.2-1
icoutils_project	icoutils	>= 0 < 0.31.2-1	0.31.2-1
icoutils_project	icoutils	>= 0 < 0.31.2-1	0.31.2-1
icoutils_project	icoutils	>= 0 < 0.31.0-3ubuntu0.1	0.31.0-3ubuntu0.1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—

GHSA

GHSA-82cf-r7f2-jqcr: An issue was discovered in icoutils 0

ghsa_unreviewed·2022-05-14

CVE-2017-6009 [MEDIUM] CWE-119 GHSA-82cf-r7f2-jqcr: An issue was discovered in icoutils 0 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

OSV

icoutils vulnerabilities

osv·2021-01-18·CVSS 8.8

CVE-2017-5208 [HIGH] icoutils vulnerabilities icoutils vulnerabilities Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5208) It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2017-6009, CVE-2017-6010) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. (CVE-2017-6011)

OSV

CVE-2017-6009: An issue was discovered in icoutils 0

osv·2017-02-16·CVSS 5.5

CVE-2017-6009 [MEDIUM] CVE-2017-6009: An issue was discovered in icoutils 0 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

Ubuntu

icoutils vulnerabilities

vendor_ubuntu·2021-01-18·CVSS 8.8

CVE-2017-5332 [HIGH] icoutils vulnerabilities Title: icoutils vulnerabilities Summary: Several security issues were fixed in icoutils. Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5208) It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2017-6009, CVE-2017-6010) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue

Ubuntu

icoutils vulnerabilities

vendor_ubuntu·2017-03-13

CVE-2017-6009 icoutils vulnerabilities Title: icoutils vulnerabilities Summary: icoutils could be made to crash or run programs as your login if it opened a specially crafted file. Jerzy Kramarz discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

Red Hat

icoutils: Buffer overflow in the decode_ne_resource_id function

vendor_redhat·2017-02-03·CVSS 5.5

CVE-2017-6009 [MEDIUM] CWE-190 icoutils: Buffer overflow in the decode_ne_resource_id function icoutils: Buffer overflow in the decode_ne_resource_id function An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution.

Debian

CVE-2017-6009: icoutils - An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in th...

vendor_debian·2017·CVSS 5.5

CVE-2017-6009 [MEDIUM] CVE-2017-6009: icoutils - An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in th... An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. Scope: local bookworm: resolved (fixed in 0.31.2-1) bullseye: resolved (fixed in 0.31.2-1) forky: resolved (fixed in 0.31.2-1) sid: resolved (fixed in 0.31.2-1) trixie: resolved (fixed in 0.31.2-1)

CVE-2017-6009: An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is…

Affected

CVSS provenance