CVE-2017-6010

CWE-119 — Buffer Overflow CWE-190 — Integer Overflow CWE-122 — Heap-based Buffer Overflow12 documents8 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 42.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Icoutils Project Icoutils Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedFeb 16

Latest updateMay 14

Description

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianicoutils< 0.31.2-1+3

▶NVDicoutils_project/icoutils0.31.1

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5

🔴Vulnerability Details

GHSA

GHSA-7w3j-wxh4-94xw: An issue was discovered in icoutils 0↗2022-05-14

▶

OSV

icoutils vulnerabilities↗2021-01-18

▶

CVEList

CVE-2017-6010: An issue was discovered in icoutils 0↗2017-02-16

▶

OSV

CVE-2017-6010: An issue was discovered in icoutils 0↗2017-02-16

▶

📋Vendor Advisories

Ubuntu

icoutils vulnerabilities↗2021-01-18

▶

Ubuntu

icoutils vulnerabilities↗2017-03-13

▶

Red Hat

icoutils: Buffer overflow in the extract_icons function↗2017-02-03

▶

Debian

CVE-2017-6010: icoutils - An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in th...↗2017

▶

💬Community

Bugzilla

CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 icoutils: various flaws [epel-6]↗2017-03-09

▶

Bugzilla

CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 icoutils: various flaws [fedora-all]↗2017-02-16

▶

Bugzilla

CVE-2017-6010 icoutils: Buffer overflow in the extract_icons function↗2017-02-16

▶