Bug 1544928

Summary: icoutils: out-of-bounds read in read_library function in wrestool
Product: [Other] Security Response
Reporter: Laura Pardo <lpardo>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: martin.gieseking, rjones
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: icoutils 0.32.2
Doc Type: If docs needed, set a value
Doc Text:
An invalid memory read flaw was found in the way icoutils parsed EXE files. An attacker could potentially use this flaw to crash the wrestool utility by tricking it into processing crafted EXE files.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-10-21 19:54:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1544929, 1554819, 1554821
Bug Blocks: 1544931

Description Laura Pardo 2018-02-13 19:20:02 UTC
An out-of-bounds read access flaw was found in icoutils. Processing crafted input files using wrestool could lead to a crash, thus resulting in Denial of Service.

External References:

https://savannah.nongnu.org/bugs/index.php?52308
https://bugs.gentoo.org/647378

Upstream Patch(es):

http://git.savannah.nongnu.org/cgit/icoutils.git/commit/?id=8650b677a50
http://git.savannah.nongnu.org/cgit/icoutils.git/commit/?id=a8c8543731e

Comment 1 Laura Pardo 2018-02-13 19:20:28 UTC
Created icoutils tracking bugs for this issue:

Affects: epel-6 [bug 1544929]