UbuntuUpdates.org

Package "icoutils"

Name: icoutils

Description: Create and extract MS Windows icons and cursors

Latest version: 0.29.1-2ubuntu0.2
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.nongnu.org/icoutils/

Other versions of "icoutils" in Precise

Repository  Area  Version
base        main  0.29.1-2
updates     main  0.29.1-2ubuntu0.2

Changelog

Version: 0.29.1-2ubuntu0.2 2017-03-13 17:06:43 UTC

  icoutils (0.29.1-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in decode_ne_resource_id
    - debian/patches/CVE-2017-6009.patch: use unsigned char in
      wrestool/restable.c.
    - CVE-2017-6009
  * SECURITY UPDATE: buffer overflow and out-of-bounds read
    - debian/patches/CVE-2017-601x-1.patch: check width of bitmaps in
      icotool/extract.c.
    - debian/patches/CVE-2017-601x-2.patch: fix type aliasing in
      icotool/extract.c.
    - CVE-2017-6010
    - CVE-2017-6011

 -- Marc Deslauriers <email address hidden> Thu, 09 Mar 2017 14:20:24 -0500

CVE-2017-6009 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. T
CVE-2017-6010 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue
CVE-2017-6011 An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extr

Version: 0.29.1-2ubuntu0.1 2017-01-24 21:06:40 UTC

  icoutils (0.29.1-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow vulnerability in the wrestool utility
    - debian/patches/CVE-2017-5208-and-CVE-2017-5331.patch: prevent
      overflow in wrestool/fileread.c.
    - CVE-2017-5208
    - CVE-2017-5331
  * SECURITY UPDATE: unallocated memory access in wrestool
    - debian/patches/CVE-2017-5332-1.patch: limit size in
      wrestool/extract.c.
    - debian/patches/CVE-2017-5332-2-and-CVE-2017-5333.patch: fix index and
      add another check to wrestool/extract.c.
    - CVE-2017-5332
    - CVE-2017-5333

 -- Marc Deslauriers <email address hidden> Fri, 20 Jan 2017 14:14:20 -0500

CVE-2017-5208 wrestool: exploitable crash
CVE-2017-5331 make check_offset more stringent
