| | |
|---|---|
| Severity | |
| Remote | |
| Type | Arbitrary code execution |
| Description | An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly lead to arbitrary code execution. This issue only affects 64-bit systems, as the result of subtracting two pointers exceeds the size of int. |
| References | http://www.nongnu.org/icoutils/NEWS |
| | http://seclists.org/oss-sec/2017/q1/38 |
| | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 |
| | https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch |
| Notes | |
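
The bug class named in the description, shown as an added illustration that is not code from icoutils or from the referenced patch: a pointer difference narrowed to `int` before a bounds check, next to a full-width check. The function names and sample values are constructed, and the block assumes a 64-bit platform where `ptrdiff_t` is wider than `int` and out-of-range narrowing wraps, as it does with GCC and Clang.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: LP64-style platform, the case the advisory says is affected. */
_Static_assert(sizeof(ptrdiff_t) > sizeof(int), "ptrdiff_t must be wider than int");

/* Flawed pattern: the pointer difference is narrowed to int before the
 * bounds check, so high bits are dropped (GCC/Clang wrap modulo 2^32). */
static bool in_bounds_narrowed(ptrdiff_t diff, size_t size, size_t total)
{
    int offset = (int)diff;
    if (offset < 0)
        return false;
    return (size_t)offset + size <= total;
}

/* Hardened pattern: keep the full-width difference, reject negatives, and
 * compare by subtraction so offset + size cannot wrap. */
static bool in_bounds_checked(ptrdiff_t diff, size_t size, size_t total)
{
    if (diff < 0)
        return false;
    size_t offset = (size_t)diff;
    if (offset > total)
        return false;
    return size <= total - offset;
}

/* Constructed sample values: a 4096-byte file image and a 32-byte record. */
#define TOTAL    ((size_t)4096)
#define REC_SIZE ((size_t)32)
#define FAR_DIFF ((ptrdiff_t)INT64_C(0x100000010)) /* 4 GiB + 16 */

int main(void)
{
    printf("diff=16      narrowed=%d checked=%d\n",
           in_bounds_narrowed(16, REC_SIZE, TOTAL),
           in_bounds_checked(16, REC_SIZE, TOTAL));
    printf("diff=4GiB+16 narrowed=%d checked=%d\n",
           in_bounds_narrowed(FAR_DIFF, REC_SIZE, TOTAL),
           in_bounds_checked(FAR_DIFF, REC_SIZE, TOTAL));
    return 0;
}
```

On a 32-bit build the static assertion fails to compile, which matches the advisory's statement that only 64-bit systems are affected.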