{"id":"CVE-2017-5332","details":"The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.","modified":"2026-07-10T04:05:09.747817243Z","published":"2019-11-04T21:15:11.743Z","database_specific":{"unresolved_ranges":[{"vendor_product":"canonical:ubuntu_linux","source":"CPE_STRING","cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"],"extracted_events":[{"introduced":"12.04"},{"last_affected":"12.04"}]},{"vendor_product":"debian:debian_linux","source":"CPE_STRING","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.0"},{"last_affected":"8.0"},{"introduced":"9.0"},{"last_affected":"9.0"},{"introduced":"10.0"},{"last_affected":"10.0"}]},{"vendor_product":"opensuse:leap","source":"CPE_STRING","cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"42.1"},{"last_affected":"42.1"},{"introduced":"42.2"},{"last_affected":"42.2"}]},{"vendor_product":"opensuse:opensuse","source":"CPE_STRING","cpes":["cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"13.2"},{"last_affected":"13.2"}]},{"vendor_product":"redhat:enterprise_linux","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"}]},{"vendor_product":"redhat:enterprise_linux_desktop","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"}]},{"vendor_product":"redhat:enterprise_linux_server_aus","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.3"},{"last_affected":"7.3"},{"introduced":"7.4"},{"last_affected":"7.4"},{"introduced":"7.6"},{"last_affected":"7.6"},{"introduced":"7.7"},{"last_affected":"7.7"}]},{"vendor_product":"redhat:enterprise_linux_server_eus","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.3"},{"last_affected":"7.3"},{"introduced":"7.4"},{"last_affected":"7.4"},{"introduced":"7.5"},{"last_affected":"7.5"},{"introduced":"7.6"},{"last_affected":"7.6"},{"introduced":"7.7"},{"last_affected":"7.7"}]},{"vendor_product":"redhat:enterprise_linux_server_tus","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.3"},{"last_affected":"7.3"},{"introduced":"7.6"},{"last_affected":"7.6"},{"introduced":"7.7"},{"last_affected":"7.7"}]},{"vendor_product":"redhat:enterprise_linux_workstation","source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"}]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3765"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95380"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3178-1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/11/3"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1412263"},{"type":"FIX","url":"https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://cgit.git.savannah.gnu.org/cgit/icoutils.git","events":[{"introduced":"0"},{"fixed":"1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5332.json"}},{"ranges":[{"type":"GIT","repo":"https://https.git.savannah.gnu.org/git/icoutils.git/","events":[{"introduced":"0"},{"fixed":"94b82ae91961822d804959efffc4e060ae953c1d"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"0.31.1"}],"cpe":"cpe:2.3:a:icoutils_project:icoutils:*:*:*:*:*:*:*:*"}}],"versions":["0.31.0","0.30.0","0.29.1","0.29.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5332.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}