CVE-2017-6009

Priority
Medium
Description
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed
in the "decode_ne_resource_id" function in the "restable.c" source file.
This is happening because the "len" parameter for memcpy is not checked for
size and thus becomes a negative integer in the process, resulting in a
failed memcpy. This affects wrestool.
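
The bug class described above, as an added illustration that is not icoutils code or the upstream patch: a length-prefixed name whose length ends up negative and then reaches memcpy as a huge size_t, next to a bounds-checked reader. The function names, the ID_MAX buffer size, and the assumption that the negative value comes from a length byte read as a signed char are hypothetical; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_MAX 256  /* assumed destination size: 255 name bytes + NUL */

/* Unsafe pattern (assumed cause): the length byte is read through a signed
 * char, so a byte >= 0x80 becomes a negative int; handed to memcpy it would
 * convert to a huge size_t. This only computes that value, it never copies. */
static size_t unsafe_memcpy_len(const char *table, size_t off)
{
    int len = (signed char)table[off];
    return (size_t)len;
}

/* Hardened form: unsigned length byte, checked against both the source
 * table and the destination buffer before copying.
 * Returns 0 on success, -1 if the entry is malformed. */
static int read_name(const uint8_t *table, size_t table_len, size_t off,
                     char *dst, size_t dst_len)
{
    if (off >= table_len)
        return -1;                       /* length byte itself out of range */
    size_t len = table[off];             /* 0..255, never negative */
    if (len > table_len - off - 1)
        return -1;                       /* name runs past end of table */
    if (len >= dst_len)
        return -1;                       /* no room for name plus NUL */
    memcpy(dst, table + off + 1, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample data, not taken from a real executable. */
    const uint8_t good[] = { 4, 'I', 'C', 'O', 'N' };
    const uint8_t bad[]  = { 0xF0, 'A', 'B' };   /* claims 240 bytes, has 2 */
    char id[ID_MAX];

    printf("unsafe len for 0xF0: %zu\n", unsafe_memcpy_len((const char *)bad, 0));
    printf("good: %d (%s)\n", read_name(good, sizeof good, 0, id, sizeof id), id);
    printf("bad:  %d\n", read_name(bad, sizeof bad, 0, id, sizeof id));
    return 0;
}
```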
References
Bugs
Package
Upstream: released (0.31.2-1)
Ubuntu 17.10 (Artful Aardvark): not-affected (0.31.2-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was released [0.29.1-2ubuntu0.2])
Ubuntu 14.04 LTS (Trusty Tahr): released (0.31.0-2+deb8u3build0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): not-affected (0.31.2-1)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
More Information

Updated: 2017-10-23 12:31:38 UTC (commit 13562)