{ "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2017-5331", "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Debian", "product": { "product_data": [ { "product_name": "icoutils", "version": { "version_data": [ { "version_value": "before 0.31.1" } ] } } ] } } ] } }, "references": { "reference_data": [ { "refsource": "SUSE", "name": "openSUSE-SU-2017:0167", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html" }, { "refsource": "MLIST", "name": "[oss-security] 20170110 Re: CVE Request: icoutils: exploitable crash in wrestool programm", "url": "http://www.openwall.com/lists/oss-security/2017/01/11/3" }, { "refsource": "DEBIAN", "name": "DSA-3765", "url": "http://www.debian.org/security/2017/dsa-3765" }, { "refsource": "SUSE", "name": "openSUSE-SU-2017:0168", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html" }, { "refsource": "BID", "name": "95378", "url": "http://www.securityfocus.com/bid/95378" }, { "refsource": "UBUNTU", "name": "USN-3178-1", "url": "http://www.ubuntu.com/usn/USN-3178-1" }, { "refsource": "SUSE", "name": "openSUSE-SU-2017:0166", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html" }, { "refsource": "CONFIRM", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412248" } ] } }