A vulnerability was found in icoutils in extract.c. It is possible to access unallocated memory via wrestool while parsing a maliciously crafted file, which would make the application crash or possibly allow code execution.
References: http://seclists.org/oss-sec/2017/q1/56
Upstream patch: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
Created icoutils tracking bugs for this issue:
Affects: fedora-all [bug 1412265]
Affects: epel-6 [bug 1412266]
This is essentially the same as CVE-2017-5333 (bug 1412259), but only considers the OOB read aspect.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:0837 https://rhn.redhat.com/errata/RHSA-2017-0837.html