Mailinglist Archive: opensuse-bugs (4250 mails)

< Previous Next >
[Bug 1018756] New: VUL-0: icoutils: exploitable crash in wrestool programm
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 08 Jan 2017 11:13:43 +0000
  • Message-id: <bug-1018756-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1018756


Bug ID: 1018756
Summary: VUL-0: icoutils: exploitable crash in wrestool
programm
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/38
=============================================
Hi

Choongwoo Han reported[0] an exploitable crash in wrestool from the
icoutils[1]. The command line tools is e.g. used in KDE's
metadataparsing, c.f. [2]. A patch is available in the Debian
packaging[3].

Could you please assign a CVE for this issue?

Regards,
Salvatore

[0] https://bugs.debian.org/850017
[1] http://www.nongnu.org/icoutils/
[2] https://codesearch.debian.net/search?q=wrestool&perpkg=1
[3]
https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch
=============================================

https://software.opensuse.org/package/icoutils

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages