oss-sec mailing list archives
Re: CVE Request: icoutils: exploitable crash in wrestool programm
From: <cve-assign () mitre org>
Date: Sun, 8 Jan 2017 14:47:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
an exploitable crash in wrestool from the icoutils
https://bugs.debian.org/850017 https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch
wrestool/fileread.c
On 64-bit systems, the result of subtracting two pointers exceeds the size of int
Use CVE-2017-5208. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYcpb7AAoJEHb/MwWLVhi2kLwP/A+G4NM3R2Ad/IKIDemtxNpC qKNMumJCh3kS2tiUcWZgfChZiED2lpQIQRwE6z/DQznt8iXbIxEolipRBj8PlEIe Z8L7A10OxVQLKf9pYZmN4JmomcAFcI1Nzt3sgMsS+7leClf606kXAdPiVlxjgH3E LFaQRqatsD1UA7eftvul8MZeBFQUtQttH6fIvqj9/L3HifNQ6xYkBdT/8C8MbEku KzRNOFk803YBrfbgvsZhk65N8KXpX+fBXiXS8gu7TyUxnS1UxqaT8F7NkoPiHCqk M2t+l5M152nD/Gjf0/2y+Nfb+fi3sNDvLgE2ElmnRmC2InGI1JBITEtuflM5znYn z6Wz5ts1rvQenqEzAxPLYBFdUTMFyyheqLKRYo2I+tQ5LM69HlHZnsTclGHGCUyx tD+MPLz54kuPXaXj6HUG+eK49QxWLoDTlRS/TOrCUC1YsXIRfleo1QO00BcpBVHw jcdEvebEXzCMG0+Av6pcBKmBwlGOy+y7ckJHUnQ7c8PvbKlk5nunlSmrLqHvDBSL V4V4rE5WmFu/GSuGcr+pz/IhFZViwDgydz7dagTv8CJsMAvJGean93r0AO+WXhA9 jdFg5tbrvzH3nHh1v5GZ/SZaWi34de1/9rG3cxLmlMStyOGMTxpOeO/Scb9Bkqp2 6d2/HyseA0dKnDgxtrIi =vxi7 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 08)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 08)
- Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 09)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 10)
- Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 09)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 08)