Bug 1544927 - icoutils: out of bounds read in simple_vec
Summary: icoutils: out of bounds read in simple_vec
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1554810 1554811
Blocks: TRACKER-bugs-affecting-libguestfs 1544931
TreeView+ depends on / blocked
 
Reported: 2018-02-13 19:02 UTC by Laura Pardo
Modified: 2021-10-21 19:54 UTC (History)
3 users (show)

Fixed In Version: icoutils 0.31.1
Clone Of:
Environment:
Last Closed: 2021-10-21 19:54:20 UTC
Embargoed:

Attachments (Terms of Use)

Description Laura Pardo 2018-02-13 19:02:57 UTC 
An out of bounds read access flaw was found in icoutils. This flaw can be triggered via a crafted .ico file using icotool -l. This may result in a segmentation fault, leading to Denial of Service.

External References:

https://savannah.nongnu.org/bugs/index.php?52313
https://bugs.gentoo.org/647378

Upstream Patch:

http://git.savannah.nongnu.org/cgit/icoutils.git/patch/?id=15ef8e8c9994981d25d62
Comment 1 Richard W.M. Jones 2018-02-13 21:12:38 UTC 
It's likely this affects libguestfs since it runs wrestool on
Windows guests.  I'm not able to see bug 1544931 however so
I don't know if there is already a bug to fix this in RHEL 7.
Comment 2 Laura Pardo 2018-02-13 22:13:54 UTC 
Hi Richard! bug 1544931 is the task created for this issue and a related one https://bugzilla.redhat.com/show_bug.cgi?id=1544928

RHEL-7 status is new, the assigned analyst will define if it is affected and create the trackers, if needed
Note You need to log in before you can comment on or make changes to this bug.