Upstream information
Description
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 4.6 |
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- openSUSE-SU-2017:0166-1, published Fri Dec 8 15:48:36 2023
- openSUSE-SU-2017:0167-1, published Fri Dec 8 15:48:36 2023
- openSUSE-SU-2017:0168-1, published Fri Dec 8 15:48:36 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA icoutils-0.31.3-lp150.1.8 |
| openSUSE Leap 15.2 |
| Patchnames: openSUSE Leap 15.2 GA icoutils-0.31.3-lp152.3.2 |
SUSE Timeline for this CVE
CVE page created: Sun Jan 8 21:34:23 2017CVE page last modified: Mon Oct 6 18:38:02 2025