UbuntuUpdates.org

Package "icoutils"

Name: icoutils

Description:

Create and extract MS Windows icons and cursors
Latest version: 0.31.0-3ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.nongnu.org/icoutils/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "icoutils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "icoutils" in Xenial

Repository Area Version
base universe 0.31.0-3
updates universe 0.31.0-3ubuntu0.1

Changelog

Version: 0.31.0-3ubuntu0.1 2021-01-18 14:07:06 UTC

  icoutils (0.31.0-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-5208.patch: fix check_offset overflow on
      64-bit systems in wrestool/fileread.c.
    - CVE-2017-5208
  * SECURITY UPDATE: Arbitrary code execution and Denial of service
    - debian/patches/CVE-2017-5331.patch: make check_offset more stringent
      in wrestool/fileread.c.
    - CVE-2017-5331
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-5332.patch: prevent access to unallocated memory
      in wrestool/extract.c.
    - CVE-2017-5332
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-5333.patch: fix an index in wrestool/extract.c.
    - CVE-2017-5333
  * SECURITY UPDATE: Failed memcpy, crash and buffer overflow
    - debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch: fix in
      icotool/extract.c, wrestool/restable.c.
    - CVE-2017-6009
    - CVE-2017-6010
    - CVE-2017-6011

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 14 Jan 2021 08:48:43 -0300
CVE-2017-5208 wrestool: exploitable crash
CVE-2017-5331 make check_offset more stringent
CVE-2017-5332 The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cau
CVE-2017-5333 Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a d
CVE-2017-6009 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. T
CVE-2017-6010 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue
CVE-2017-6011 An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extr


About   -   Send Feedback to @ubuntu_updates