An integer overflow vulnerability was found in extract.c while transferring resources into file memory. A maliciously crafted file could make the application crash or possibly allow code execution.

Created icoutils tracking bugs for this issue:
Affects: fedora-all [bug 1412265]
Affects: epel-6 [bug 1412266]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:0837 https://rhn.redhat.com/errata/RHSA-2017-0837.html