CVE-2017-5208 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly lead to arbitrary code execution. This issue only affects 64-bit systems, as the result of subtracting two pointers exceeds the size of int.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-129	icoutils	0.31.0-1	0.31.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
09 Jan 2017	ASA-201701-13	AVG-129	icoutils	High	arbitrary code execution

References
http://www.nongnu.org/icoutils/NEWS http://seclists.org/oss-sec/2017/q1/38 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch

References

http://www.nongnu.org/icoutils/NEWS
http://seclists.org/oss-sec/2017/q1/38
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017
https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch