PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-6010 Redhat CVE debrief

CVE-2017-6010 is a denial-of-service flaw in icoutils 0.31.1. The vulnerable code is the extract_icons function in extract.c, where a corrupted ICO file can trigger a buffer overflow and crash icotool. NVD classifies the issue as CWE-119 with a CVSS 3.0 score of 5.5 (local access, low complexity, no privileges, user interaction required, availability impact only). The CVE was published on 2017-02-16 and later modified in the NVD/source record on 2026-05-13.

Vendor: Redhat
Product: icoutils 0.31.1
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-16
Original CVE updated: 2026-05-13
Advisory published: 2017-02-16
Advisory updated: 2026-05-13

Who should care

This matters most to administrators and developers who run icoutils, or ship it inside desktop, build, or file-processing workflows, where the tool may be fed untrusted .ico files. Distribution maintainers should also verify that their packaged icoutils builds include the fixed version referenced by their advisories.

Technical summary

The issue is a memory-safety defect in extract_icons in extract.c. Per the supplied record, a malformed ICO file can overflow a buffer during icon extraction; the documented result is an icotool crash, and the record does not document code execution. NVD maps the weakness to CWE-119 and scores the impact as availability-only (A:H) with a local attack vector and user interaction required, that is, the victim must open or process the crafted file.

Defensive priority

Medium. The supplied data does not mark the CVE as KEV and the documented impact is a crash (denial of service), but the flaw still matters wherever untrusted ICO files are fed to icotool or tooling that wraps it, since one crafted file is enough to stop an automated extraction job.

Recommended defensive actions

  • Check whether icoutils 0.31.1 is installed or bundled in your environment.
  • Apply the vendor or distribution update associated with your platform advisories, including the referenced Red Hat, Debian, or Gentoo notices where applicable.
  • Restrict or validate untrusted ICO files before processing them with icotool or automation that wraps it.
  • Monitor for unexpected icotool crashes in workflows that ingest user-provided or externally sourced icon files.
  • If you maintain a package, confirm that downstream builds include the patched upstream fix or equivalent backport.
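As an added example (this is not icoutils code and does not reproduce the patched function), the following is a bounds-checked walk of an ICO directory of the kind a pre-filter for untrusted .ico files would run before handing them to icotool. It illustrates the class of check behind the technical summary above and the "validate untrusted ICO files" action: every offset and size is read from the file, so each one is checked against the real buffer length before it drives a read or copy. The ICO field layout is the public format; the function names, error codes and the constructed sample file are this example's own.

```c
/* Added example, not icoutils code: bounds-checked ICO directory walk. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ICO_HEADER_LEN 6   /* reserved(2) type(2) count(2) */
#define ICO_ENTRY_LEN  16  /* w h colors rsvd planes(2) bpp(2) size(4) offset(4) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate an in-memory ICO/CUR file. Returns the entry count when every
 * image blob lies inside buf[0..len), or a negative code (example's own):
 *  -1 header truncated, -2 bad magic/type, -3 directory truncated,
 *  -4 image offset/size outside the file, -5 image overlaps the directory. */
int ico_validate(const uint8_t *buf, size_t len)
{
    if (len < ICO_HEADER_LEN) return -1;
    if (rd16(buf) != 0) return -2;
    uint16_t type = rd16(buf + 2);
    if (type != 1 && type != 2) return -2;
    uint16_t count = rd16(buf + 4);
    /* count <= 65535, so the directory size cannot overflow size_t. */
    size_t dir_end = ICO_HEADER_LEN + (size_t)count * ICO_ENTRY_LEN;
    if (dir_end > len) return -3;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICO_HEADER_LEN + i * ICO_ENTRY_LEN;
        uint32_t size = rd32(e + 8);
        uint32_t off  = rd32(e + 12);
        if (off < dir_end) return -5;
        /* Written as size > len - off so the check cannot wrap; the naive
         * form (off + size > len) wraps when off is close to UINT32_MAX. */
        if (off > len || size > len - off) return -4;
    }
    return count;
}

/* Copy entry idx's image bytes into out (capacity cap). Returns bytes copied,
 * or -1 if the file is malformed or the destination is too small. The copy
 * length is only trusted after ico_validate has bounded it against the file. */
long ico_copy_entry(const uint8_t *buf, size_t len, int idx, uint8_t *out, size_t cap)
{
    int n = ico_validate(buf, len);
    if (n < 0 || idx < 0 || idx >= n) return -1;
    const uint8_t *e = buf + ICO_HEADER_LEN + (size_t)idx * ICO_ENTRY_LEN;
    uint32_t size = rd32(e + 8), off = rd32(e + 12);
    if (size > cap) return -1;  /* destination bound, separate from the file bound */
    memcpy(out, buf + off, size);
    return (long)size;
}

/* Constructed sample (not a real icon): header, one directory entry, then a
 * 40-byte payload at offset 22. The size, offset and count fields are caller
 * supplied so that corrupted variants can be produced for testing. */
#define SAMPLE_PAYLOAD 40
#define SAMPLE_LEN (ICO_HEADER_LEN + ICO_ENTRY_LEN + SAMPLE_PAYLOAD)

size_t make_sample_ico(uint8_t *out, size_t cap, uint32_t bytes_in_res,
                       uint32_t image_offset, uint16_t count)
{
    if (cap < SAMPLE_LEN) return 0;
    memset(out, 0xAB, SAMPLE_LEN);                 /* payload filler */
    memset(out, 0, ICO_HEADER_LEN + ICO_ENTRY_LEN);
    out[2] = 1;                                    /* type 1 = icon */
    out[4] = (uint8_t)count; out[5] = (uint8_t)(count >> 8);
    uint8_t *e = out + ICO_HEADER_LEN;
    e[0] = 16; e[1] = 16;                          /* 16x16 */
    e[4] = 1;  e[6] = 32;                          /* planes 1, 32 bpp */
    wr32(e + 8, bytes_in_res);
    wr32(e + 12, image_offset);
    return SAMPLE_LEN;
}

/* Build a sample with the given directory fields and validate it. */
int check_sample(uint32_t bytes_in_res, uint32_t image_offset, uint16_t count)
{
    uint8_t buf[SAMPLE_LEN];
    size_t n = make_sample_ico(buf, sizeof buf, bytes_in_res, image_offset, count);
    return ico_validate(buf, n);
}

/* Build a well-formed-or-not sample and copy its first entry into 64 bytes. */
long copy_sample(uint32_t bytes_in_res, uint32_t image_offset)
{
    uint8_t buf[SAMPLE_LEN], out[64];
    size_t n = make_sample_ico(buf, sizeof buf, bytes_in_res, image_offset, 1);
    return ico_copy_entry(buf, n, 0, out, sizeof out);
}

int main(void)
{
    printf("well-formed            : %d\n",  check_sample(40, 22, 1));           /* 1 */
    printf("size past end of file  : %d\n",  check_sample(4096, 22, 1));         /* -4 */
    printf("offset near UINT32_MAX : %d\n",  check_sample(16, 0xFFFFFFF0u, 1));  /* -4 */
    printf("image inside directory : %d\n",  check_sample(40, 10, 1));           /* -5 */
    printf("count exceeds file     : %d\n",  check_sample(40, 22, 4));           /* -3 */
    printf("copied bytes           : %ld\n", copy_sample(40, 22));               /* 40 */
    return 0;
}
```

The `size > len - off` form matters: the more natural `off + size > len` wraps for an entry whose offset sits near UINT32_MAX and silently passes it, which is exactly the kind of field a corrupted ICO can carry. A pre-filter should reject on any negative code rather than clamp the size, since a clamped entry is still corrupt and the downstream extractor may still mis-handle it.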

Evidence notes

Primary evidence comes from the official NVD CVE record and the CVE.org record, which identify icoutils 0.31.1, the extract_icons function in extract.c, the corrupted ICO trigger, and the crash/availability impact. Supporting references in the record point to Red Hat RHSA-2017-0837, Debian DSA-3807, a Debian bug report, and a Gentoo GLSA, indicating downstream packaging advisories.

Official resources

Publicly disclosed and recorded in the official CVE/NVD sources on 2017-02-16. The supplied NVD/source metadata shows a later modification on 2026-05-13, which should not be treated as the original disclosure date.