icoutils buffer overflow vulnerability (CNVD-2017-02046)

icoutils is a set of command line programs for extracting and converting images from Microsoft Windows icon and cursor files. A buffer overflow vulnerability exists in the 'simplevec' function in the extract.c source file in icoutils version 0.31.1. An attacker can exploit this vulnerability to...

Buffer overflow

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simplevec" function in the "extract.c" source file. This affects icotool...

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simplevec" function in the "extract.c" source file. This affects icotool...

Buffer overflow

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simplevec" function in the "extract.c" source file. This affects icotool...

CVE-2017-6010

CVE-2017-6010 affects icoutils: a buffer overflow in the extract_icons function (extract.c) can be triggered by processing a corrupted ICO file, causing icotool to crash (DoS). Documented across multiple advisories (Debian DSA-3807-1; DLA-854-1; CentOS/CESA-2017:0837; IBM PowerKVM bulletin; Gento...

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simplevec" function in the "extract.c" source file. This affects icotool...

UBUNTU-CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extracticons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

unzip: out-of-bounds read/write in test_compr_eb() in extract.c

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option...

Fedora 21 : unzip-6.0-20.fc21 (2015-2035)

Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread 1174844 - Fix CVE-2014-8140 - out-of-bounds write issue in testcompreb 1174851 - Fix CVE-2014-8141 - getZip64Data out-of-bounds read issues 1174856 - Fix buffer overflow on long file sizes 1191136 - CVE-2014-9636 unzip:...

Directory traversal

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. slash slash dot dot sequences in directory symlinks in a TAR archive...

CVE-2007-4134

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. slash slash dot dot sequences in directory symlinks in a TAR archive...

CVE-2007-4134

CVE-2007-4134 affects the Star archiver. A directory traversal defect in extract.c (Star) before version 1.5a84 lets remote users craft tar archives containing //.. sequences in directory symlinks, enabling overwriting of arbitrary files on the host with the permissions of the user running Star. ...