http://bugzilla.opensuse.org/show_bug.cgi?id=1025703 Bug ID: 1025703 Summary: VUL-0: CVE-2017-6009: icoutils: Buffer Overflows in wrestool Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 714431 --> http://bugzilla.opensuse.org/attachment.cgi?id=714431&action=edit reports_from_854050_debian_bugzilla Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6009 ==================================================================== Original release date: 02/16/2017 Last revised: 02/16/2017 Source: US-CERT/NIST Awaiting Analysis This vulnerability is currently awaiting analysis. Overview An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov. External Source: MISC Name: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 ==================================================================== https://software.opensuse.org/package/icoutils TW|42.{1,2} : 0.31.1 -- You are receiving this mail because: You are on the CC list for the bug.