Created attachment 714423 [details]
OOB_simple_vec

Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6011
====================================================================
 Original release date: 02/16/2017
Last revised: 02/16/2017
Source: US-CERT/NIST
Awaiting Analysis

This vulnerability is currently awaiting analysis.
Overview

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a
buffer overflow was observed in the "simple_vec" function in the "extract.c"
source file. This affects icotool.
References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided
these links to other web sites because they may have information that would be
of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are
more appropriate for your purpose. NIST does not necessarily endorse the views
expressed, or concur with the facts presented on these sites. Further, NIST
does not endorse any commercial products that may be mentioned on these sites.
Please address comments about this page to nvd@nist.gov.

External Source: MISC
Name: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054
Vulnerable software and versions

Changes related to vulnerability configurations
Technical Details
Vulnerability Type (View All)

CVE Standard Vulnerability Entry
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6011

====================================================================

https://software.opensuse.org/package/icoutils

TW|42.{1,2} : 0.31.1


====================================================================

>From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054