Upstream information

CVE-2017-5332 at MITRE

Description

The extract_group_icon_cursor_resource function in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entries: 1018756 [RESOLVED / FIXED], 1019328 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 15.0 | icoutils >= 0.31.3-lp150.1.8 | Patchnames: openSUSE Leap 15.0 GA icoutils |
| openSUSE Leap 42.1 | icoutils >= 0.31.1-7.1; icoutils-debuginfo >= 0.31.1-7.1; icoutils-debugsource >= 0.31.1-7.1 | Patchnames: openSUSE-2017-104 |
| openSUSE Leap 42.2 | icoutils >= 0.31.1-8.1; icoutils-debuginfo >= 0.31.1-8.1; icoutils-debugsource >= 0.31.1-8.1 | Patchnames: openSUSE-2017-105 |
| openSUSE Leap 42.3 | icoutils >= 0.31.1-11.1 | Patchnames: openSUSE Leap 42.3 GA icoutils |