1. Home
  2. CVE Database
  3. CVE-2017-6009
MEDIUM · 5.5

CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for me...

Vulnerability Description

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Icoutils ProjectIcoutils0.31.1
DebianDebian Linux8.0
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Aus7.3
RedhatEnterprise Linux Server Eus7.3
RedhatEnterprise Linux Server Tus7.3
RedhatEnterprise Linux Workstation7.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2017-6009?

CVE-2017-6009 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for me...

How severe is CVE-2017-6009?

CVE-2017-6009 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6009?

Check the references section above for vendor advisories and patch information. Affected products include: Icoutils Project Icoutils, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.