1. Home
  2. CVE Database
  3. CVE-2017-6010
MEDIUM · 5.5

CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico fil...

Vulnerability Description

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Icoutils ProjectIcoutils0.31.1
DebianDebian Linux8.0
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Aus7.3
RedhatEnterprise Linux Server Eus7.3
RedhatEnterprise Linux Server Tus7.3
RedhatEnterprise Linux Workstation7.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2017-6010?

CVE-2017-6010 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico fil...

How severe is CVE-2017-6010?

CVE-2017-6010 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6010?

Check the references section above for vendor advisories and patch information. Affected products include: Icoutils Project Icoutils, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.