PT-2017-16828 · Icoutils+3 · Icoutils+3

Op7Ic

·

Publicado

2017-02-16

·

Atualizado

2024-06-15

·

CVE-2017-6009

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions icoutils version 0.31.1
Description A buffer overflow issue was found in the decode ne resource id function, located in the restable.c source file. This occurs because the len parameter for memcpy is not checked for size, resulting in a negative integer and a failed memcpy operation.
Recommendations For icoutils version 0.31.1, as a temporary workaround, consider disabling the decode ne resource id function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CESA-2017_0837
CVE-2017-6009
DLA-854-1
DSA-3807-1
MGASA-2017-0080
OPENSUSE-SU-2024:10858-1
RHSA-2017:0837
RHSA-2017_0837
USN-3226-1
USN-4695-1

Produtos afetados

Centos
Red Hat
Ubuntu
Icoutils