Icoutils Project Icoutils vulnerabilities

CVE-2017-5331 [HIGH] CWE-190 CVE-2017-5331: Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 all Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

CVE-2017-5332 [HIGH] CWE-119 CVE-2017-5332: The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access un The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

CVE-2017-5333 [HIGH] CWE-190 CVE-2017-5333: Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icout Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

CVE-2017-5208 [HIGH] CWE-190 CVE-2017-5208: Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

CVE-2017-6009 [MEDIUM] CWE-119 CVE-2017-6009: An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resourc An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

CVE-2017-6011 [MEDIUM] CWE-125 CVE-2017-6011: An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was o An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

CVE-2017-6010 [MEDIUM] CWE-119 CVE-2017-6010: An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" fu An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.