PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-6009 Redhat CVE debrief

CVE-2017-6009 is a buffer overflow in icoutils 0.31.1, specifically in the decode_ne_resource_id function used by wrestool. The flaw is triggered by an unchecked memcpy length that can become negative, creating a denial-of-service risk and possible memory corruption. Because the CVSS vector requires local access and user interaction, this is most relevant on systems where untrusted inputs are processed with wrestool.

Vendor
Redhat
Product
icoutils (wrestool)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-16
Original CVE updated
2026-05-13
Advisory published
2017-02-16
Advisory updated
2026-05-13

Who should care

Administrators and security teams responsible for systems that install or use icoutils/wrestool, especially Linux distributions and environments that may process untrusted Windows resource files locally. Downstream package maintainers should also pay attention because the NVD record lists affected Debian and Red Hat Enterprise Linux-related CPEs.

Technical summary

NVD classifies the weakness as CWE-119 and scores it 5.5 on CVSS 3.0 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H); the vector rates only the availability impact, which matches the crash/denial-of-service framing of the record. The vulnerable path is decode_ne_resource_id in restable.c, where the memcpy length parameter is not validated before use, so a crafted executable handed to wrestool can drive the copy past the buffer that holds the file. According to the record, the problem affects icoutils 0.31.1 and wrestool, and downstream advisories were issued by Red Hat, Debian, and Gentoo.
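To make the bug class concrete, the following is an added illustration written for this debrief; it is not the icoutils source and does not reproduce the real restable.c logic. It models the shape of the problem the record describes: a length byte read straight from the file drives a memcpy without being compared to the bytes that actually remain in the buffer. The image_t type, the decode_name_* functions, the checked_decode_is helper and the sample byte arrays are all hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory image of a file read from disk (this example's own type). */
typedef struct {
    const uint8_t *memory;   /* whole file in memory */
    size_t         size;     /* its length in bytes */
} image_t;

/* Unchecked variant: the class of defect the record describes. The length byte and the
 * bytes after it come straight from the file, so a crafted file can make memcpy read past
 * the end of `memory`. Shown for contrast only; never call it on untrusted input. */
char *decode_name_unchecked(const image_t *img, size_t offset)
{
    const uint8_t *len = img->memory + offset;  /* offset is never checked against size */
    char *out = malloc((size_t)*len + 1);
    if (!out) return NULL;
    memcpy(out, len + 1, *len);                 /* *len is never compared to remaining bytes */
    out[*len] = '\0';
    return out;
}

/* Hardened variant: every read is bounded by the image size before it happens. */
char *decode_name_checked(const image_t *img, size_t offset)
{
    if (offset >= img->size)            /* the length byte itself must be inside the file */
        return NULL;
    size_t len = img->memory[offset];
    /* all `len` bytes after it must be inside the file too; offset < size, so the
     * subtraction cannot underflow */
    if (len > img->size - offset - 1)
        return NULL;
    char *out = malloc(len + 1);
    if (!out) return NULL;
    memcpy(out, img->memory + offset + 1, len);
    out[len] = '\0';
    return out;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t sample_good[]    = { 0x05, 'I', 'C', 'O', 'N', '1' }; /* length 5, 5 bytes follow */
static const uint8_t sample_empty[]   = { 0x00 };                          /* length 0, nothing follows */
static const uint8_t sample_crafted[] = { 0xFF, 'A', 'B' };                /* claims 255 bytes, has 2 */

/* Helper for checking results: decode with the hardened variant and compare to an
 * expected string; expect == NULL means the input should be rejected. Returns 1 on match. */
int checked_decode_is(const uint8_t *buf, size_t n, size_t off, const char *expect)
{
    image_t img = { buf, n };
    char *s = decode_name_checked(&img, off);
    int ok = (s == NULL) ? (expect == NULL) : (expect != NULL && strcmp(s, expect) == 0);
    free(s);
    return ok;
}

int main(void)
{
    image_t good = { sample_good, sizeof sample_good };
    image_t bad  = { sample_crafted, sizeof sample_crafted };

    /* On well-formed input both variants agree. */
    char *a = decode_name_unchecked(&good, 0);
    char *b = decode_name_checked(&good, 0);
    printf("unchecked: %s  checked: %s\n", a, b);
    free(a);
    free(b);

    /* On the crafted input only the checked variant is safe to call. */
    char *c = decode_name_checked(&bad, 0);
    printf("checked on crafted input: %s\n", c ? c : "rejected");
    free(c);
    return 0;
}
```

The two checks in decode_name_checked are the whole fix: the offset must land inside the file, and the declared length must fit in what is left after it. Fuzzing wrestool-style parsers with truncated and oversized length fields is the quickest way to find the unchecked variant in real code.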

Defensive priority

Medium

Recommended defensive actions

  • Apply the vendor or distribution updates that address CVE-2017-6009 for icoutils/wrestool.
  • Inventory hosts for icoutils 0.31.1 and related downstream packages to identify exposure.
  • Limit who can run wrestool on untrusted inputs; the CVSS vector requires local access and user interaction, so exposure comes from a user or automated job feeding a crafted executable to wrestool.
  • Review workflows that process Windows resource files and treat external inputs as untrusted.
  • Use downstream security advisories to confirm your platform-specific remediation path.

Evidence notes

Primary evidence comes from the NVD CVE record and its linked advisories. The record identifies icoutils 0.31.1 as vulnerable, names decode_ne_resource_id in restable.c, and assigns CWE-119 with CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Linked references include Red Hat RHSA-2017-0837, Debian DSA-3807, Gentoo GLSA 201801-12, SecurityFocus BID 96292, and the Debian bug tracker entry 854050.

Official resources

Published by the CVE record on 2017-02-16. This debrief uses the CVE published date for timing context and does not treat later modification timestamps as the original issue date.