Updated icoutils packages has been released for Debian 7 LTS
Package : icoutilsIcoutils security update for Debian 7 LTS
Version : 0.29.1-5deb7u1
CVE ID : CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333
Debian Bug : 850017
Brief introduction
CVE-2017-5208
Choongwoo Han reported[0] an exploitable crash in wrestool from
icoutils. The command line tools is e.g. used in KDE's
metadataparsing.
CVE-2017-5331
It turned out that the correction for CVE-2017-5208 was not enough
so an additional correction was needed.
CVE-2017-5332
But as I see it there are still combinations of the arguments which
make the test succeed even though the the memory block identified by
offset size is not fully inside memory total_size.
CVE-2017-5333
The memory check was not stringent enough on 64 bit systems.
For Debian 7 "Wheezy", these problems have been fixed in version
0.29.1-5deb7u1.
We recommend that you upgrade your icoutils packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
