Unallocated Memory Access Vulnerability in icoutils

Unallocated Memory Access Vulnerability in icoutils

CVE-2017-5332 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Learn more about our User Device Pen Test.