An integer overflow vulnerability was found in extract.c while transferring resources into file memory. A maliciously crafted file could make the application crash or possibly allow code execution.
References: http://seclists.org/oss-sec/2017/q1/56
Upstream patch: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
Created icoutils tracking bugs for this issue:
Affects: fedora-all [bug 1412265]
Affects: epel-6 [bug 1412266]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:0837 https://rhn.redhat.com/errata/RHSA-2017-0837.html