Multiple vulnerabilities have been found in icoutils, the worst of which may lead to arbitrary code execution.
|Package||media-gfx/icoutils on all architectures|
|Affected versions||< 0.32.0|
|Unaffected versions||>= 0.32.0|
A set of command-line programs for extracting and converting images in Microsoft Windows(R) icon and cursor files.
Multiple vulnerabilities have been discovered in icoutils. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to process a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All icoutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/icoutils-0.32.0"
January 11, 2018
January 11, 2018: 1