An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly allow code execution. This is a CVE for an insufficient patch for CVE-2017-5208.

References:
http://seclists.org/oss-sec/2017/q1/56

Upstream patch:
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3

Statement: This issue did not affect the versions of icoutils as shipped with Red Hat Enterprise Linux 7 as they did not backport the vulnerable patches provided to fix a previous flaw (CVE-2017-5208).

Created icoutils tracking bugs for this issue:
Affects: fedora-all [bug 1412265]
Affects: epel-6 [bug 1412266]