Multiple vulnerabilities have been found in icoutils, the worst of which may lead to arbitrary code execution.
Package | media-gfx/icoutils on all architectures |
---|---|
Affected versions | < 0.32.0 |
Unaffected versions | >= 0.32.0 |
A set of command-line programs for extracting and converting images in Microsoft Windows(R) icon and cursor files.
Multiple vulnerabilities have been discovered in icoutils. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to process a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All icoutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/icoutils-0.32.0"
Release date
January 11, 2018
Latest revision
January 11, 2018: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries