Severity |
Remote |
Type | Arbitrary code execution
Description | An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly lead to arbitrary code execution. This issue only affects 64-bit systems, as the result of subtracting two pointers exceeds the size of int.
References |
http://www.nongnu.org/icoutils/NEWS
http://seclists.org/oss-sec/2017/q1/38
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017
https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch
Notes |
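
An added illustration of the bug class the description names: a bounds check that narrows a 64-bit pointer difference to `int`, next to one that compares in full width. It is not icoutils code and not the patch linked above; the function names, the integer address model and the sample values are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a file of total_size bytes is mapped at address `base`,
 * and `addr` is where an offset field read from the file says a record of
 * `size` bytes starts. Addresses are plain 64-bit integers so the example
 * never forms an out-of-bounds pointer. */

/* Flawed pattern: the 64-bit difference is narrowed to a 32-bit int before
 * the comparison. The upper 32 bits are discarded, so a record far outside
 * the mapping can look as if it lies inside it. */
bool in_bounds_truncating(uint64_t base, int total_size, uint64_t addr, int size)
{
    int need = (int)(uint32_t)(addr - base + (uint64_t)size);
    return need >= 0 && need <= total_size;
}

/* Hardened pattern: every comparison is done in the full 64-bit width, and
 * the subtraction total_size - off cannot wrap because off <= total_size. */
bool in_bounds_checked(uint64_t base, uint64_t total_size, uint64_t addr, uint64_t size)
{
    if (addr < base)
        return false;
    uint64_t off = addr - base;
    if (off > total_size)
        return false;
    return size <= total_size - off;
}

int main(void)
{
    uint64_t base = 0x10000000ULL;           /* constructed mapping address */
    uint64_t far  = base + 0x100000010ULL;   /* 4 GiB + 16 past the start   */

    printf("truncating check accepts far record: %d\n",
           in_bounds_truncating(base, 4096, far, 8));
    printf("full-width check accepts far record: %d\n",
           in_bounds_checked(base, 4096, far, 8));
    return 0;
}
```

On a 32-bit system the two addresses cannot be 4 GiB apart, which matches the advisory's statement that only 64-bit systems are affected.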