Buffer Overflow in decode_ne_resource_id function in icoutils 0.31.1

Buffer Overflow in decode_ne_resource_id function in icoutils 0.31.1

CVE-2017-6009 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

Learn more about our Web Application Penetration Testing UK.