CVE-2017-5331

CVE-2017-5331, security advisory, suse linux, suse, security, cve

CVE-2017-5331

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2017-5331 at MITRE

Description

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	4.6
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entries: 1018756 [RESOLVED / FIXED], 1019328 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

• openSUSE-SU-2017:0166-1, published Fri Dec 8 15:48:36 2023
• openSUSE-SU-2017:0167-1, published Fri Dec 8 15:48:36 2023
• openSUSE-SU-2017:0168-1, published Fri Dec 8 15:48:36 2023

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 15.0	icoutils >= 0.31.3-lp150.1.8	Patchnames: openSUSE Leap 15.0 GA icoutils-0.31.3-lp150.1.8
openSUSE Leap 15.2	icoutils >= 0.31.3-lp152.3.6	Patchnames: openSUSE Leap 15.2 GA icoutils-0.31.3-lp152.3.2

---

SUSE Timeline for this CVE

CVE page created: Sun Jan 8 21:34:23 2017
CVE page last modified: Sat Jun 15 23:21:58 2024