icoutils security update

2017-03-29T10:58:02
ID CESA-2017:0837
Type centos
Reporter CentOS Project
Modified 2017-03-29T10:58:02

Description

CentOS Errata and Security Advisory CESA-2017:0837

The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries.

Security Fix(es):

  • Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-5208, CVE-2017-5333, CVE-2017-6009)

  • A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in failure to allocate memory or an over-large memcpy operation, leading to a crash. (CVE-2017-5332)

  • Multiple vulnerabilities were found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-6010, CVE-2017-6011)

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2017-March/034385.html

Affected packages: icoutils

Upstream details at: https://rhn.redhat.com/errata/RHSA-2017-0837.html