[ASA-201701-13] icoutils: arbitrary code execution
Arch Linux Security Advisory ASA-201701-13
==========================================

Severity: High
Date    : 2017-01-09
CVE-ID  : CVE-2017-5208
Package : icoutils
Type    : arbitrary code execution
Remote  : No
Link    :

Summary
=======

The package icoutils before version 0.31.1-1 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 0.31.1-1.

# pacman -Syu "icoutils>=0.31.1-1"

The problem has been fixed upstream in version 0.31.1.

Workaround
==========

None.

Description
===========

An integer overflow vulnerability was found in the wrestool program of icoutils. A maliciously crafted file could make the application crash or possibly lead to arbitrary code execution. This issue only affects 64-bit systems, because the result of subtracting two pointers can exceed the range of an int.

Impact
======

An attacker is able to execute arbitrary code on a target machine by tricking the user into opening a specially crafted file.

References
==========
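The Description section states the bug class in one sentence: a pointer difference that is narrowed to int on a 64-bit target. The C snippet below is an added illustration of that class beside its hardened form; it is not the wrestool source, and the `sample` buffer and the `remaining_narrowed`, `remaining_checked`, `have_bytes` and `sample_has` names are constructed for this example (it assumes a 64-bit ptrdiff_t, the configuration the advisory describes).

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample buffer standing in for a parsed file; not real data. */
static const unsigned char sample[32] = { 0 };

/* Flawed pattern: the ptrdiff_t produced by (end - p) is stored in an int.
 * On 64-bit targets a distance of 2^31 bytes or more is truncated (modulo
 * 2^32 on the usual two's-complement ABIs), so the value that reaches a
 * later bounds check no longer says anything about the real distance. */
static int remaining_narrowed(ptrdiff_t diff)
{
    int remaining = (int)diff;          /* ptrdiff_t -> int: the defect */
    return remaining;
}

/* Hardened pattern: keep the full-width type, reject a pointer that is
 * already past the end, and compare against the requested length in size_t.
 * Returns 1 when 'need' bytes are available, 0 otherwise. */
static int remaining_checked(ptrdiff_t diff, size_t need)
{
    if (diff < 0)
        return 0;                       /* p is beyond end: nothing left */
    return (size_t)diff >= need;        /* no narrowing anywhere */
}

/* Wrapper for a real buffer: the subtraction is only formed when p <= end,
 * so it is well-defined, and its result stays a ptrdiff_t. */
static int have_bytes(const unsigned char *p, const unsigned char *end, size_t need)
{
    if (p > end)
        return 0;
    return remaining_checked(end - p, need);
}

/* For the constructed sample: are 'need' bytes readable at 'offset'? */
static int sample_has(size_t offset, size_t need)
{
    if (offset > sizeof sample)
        return 0;                       /* never form a pointer past one-past-end */
    return have_bytes(sample + offset, sample + sizeof sample, need);
}

int main(void)
{
    ptrdiff_t far_ahead  = ((ptrdiff_t)1 << 32) + 16;  /* end is 4 GiB + 16 past p */
    ptrdiff_t far_behind = -far_ahead + 32;            /* p is ~4 GiB beyond end */
    printf("narrowed: %d %d\n", remaining_narrowed(far_ahead), remaining_narrowed(far_behind));
    printf("checked : %d %d\n", remaining_checked(far_ahead, 16), remaining_checked(far_behind, 16));
    printf("sample  : %d %d\n", sample_has(16, 16), sample_has(24, 16));
    return 0;
}
```

Both constructed distances narrow to 16, so the flawed check would accept a read 4 GiB beyond the buffer as "16 bytes available", while the checked form rejects it.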