[Bug 1025700] New: VUL-0: CVE-2017-6011: icoutils: out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function

http://bugzilla.opensuse.org/show_bug.cgi?id=1025700 Bug ID: 1025700 Summary: VUL-0: CVE-2017-6011: icoutils: out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 714423 --> http://bugzilla.opensuse.org/attachment.cgi?id=714423&action=edit OOB_simple_vec Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6011 ==================================================================== Original release date: 02/16/2017 Last revised: 02/16/2017 Source: US-CERT/NIST Awaiting Analysis This vulnerability is currently awaiting analysis. Overview An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov. External Source: MISC Name: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 Vulnerable software and versions Changes related to vulnerability configurations Technical Details Vulnerability Type (View All) CVE Standard Vulnerability Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6011 ==================================================================== https://software.opensuse.org/package/icoutils TW|42.{1,2} : 0.31.1 ====================================================================

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054

-- You are receiving this mail because: You are on the CC list for the bug.