Debian 10241 Published by

Updated icoutils packages has been released for Debian 7 LTS



Package : icoutils
Version : 0.29.1-5deb7u1
CVE ID : CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333
Debian Bug : 850017


Brief introduction

CVE-2017-5208

Choongwoo Han reported[0] an exploitable crash in wrestool from
icoutils. The command line tools is e.g. used in KDE's
metadataparsing.

CVE-2017-5331

It turned out that the correction for CVE-2017-5208 was not enough
so an additional correction was needed.

CVE-2017-5332

But as I see it there are still combinations of the arguments which
make the test succeed even though the the memory block identified by
offset size is not fully inside memory total_size.

CVE-2017-5333

The memory check was not stringent enough on 64 bit systems.

For Debian 7 "Wheezy", these problems have been fixed in version
0.29.1-5deb7u1.

We recommend that you upgrade your icoutils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
  Icoutils security update for Debian 7 LTS