Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2017-5333
Good to know:
Date: November 4, 2019
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Language: C
Severity Score
Related Resources (15)
Severity Score
Weakness Type (CWE)
Integer Overflow or Wraparound
CWE-190Top Fix
Upgrade Version
Upgrade to version https://cgit.git.savannah.gnu.org/cgit/icoutils.git - https://cgit.savannah.gnu.org/cgit/icoutils/commit/1a108713ac26215c7568353f6e02e727e6d4b24a;https://git.savannah.gnu.org/git/icoutils.git - https://git.savannah.gnu.org/git/icoutils/commit/94b82ae91961822d804959efffc4e060ae953c1d
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | PARTIAL |
| Additional information: |