PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-6011 Redhat CVE debrief

CVE-2017-6011 is a medium-severity memory-safety issue in icoutils 0.31.1 that affects icotool. NVD describes it as an out-of-bounds read in the simple_vec() function in extract.c that can lead to a buffer overflow and, in practice, a denial of service: the tool crashes on a crafted input, with no confidentiality or integrity impact recorded.

Vendor
Redhat
Product
icoutils (icotool), version 0.31.1
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-16
Original CVE updated
2026-05-13
Advisory published
2017-02-16
Advisory updated
2026-05-13

Who should care

Security teams, Linux distribution maintainers, and administrators who install or use icoutils/icotool—especially on Debian, Red Hat Enterprise Linux, or Gentoo systems listed in the NVD references and affected CPEs. Anyone processing untrusted .ico files with icotool should treat this as relevant.

Technical summary

The NVD record maps CVE-2017-6011 to icoutils 0.31.1 and identifies CWE-125 (out-of-bounds read). The affected code path is the simple_vec function in extract.c. The CVSS 3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H: local attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged, no confidentiality or integrity impact, and high availability impact. For a file parser, the local vector means the attacker does not need an account on the system; it is enough that a user, or an automated pipeline, runs icotool on a crafted .ico file the attacker supplied. The issue is documented in the public NVD record and supported by the vendor and distribution advisories referenced there.

Defensive priority

Moderate. The issue cannot be triggered over the network on its own and needs a user or job to feed icotool a crafted file, but the impact is a crash of the parsing process, and icon extraction is exactly the kind of step that ends up in automated pipelines handling untrusted input, where one bad file can halt the whole job.

Recommended defensive actions

  • Inventory systems running icoutils/icotool and identify whether version 0.31.1 or vendor-packaged variants are present.
  • Apply the relevant vendor or distribution security updates referenced by the NVD record (Red Hat, Debian, Gentoo) if your environment uses those packages.
  • Limit or review workflows that process untrusted .ico files with icotool until patched.
  • Verify remediation by checking installed package versions after updating. On distributions that backport fixes, the upstream version string (for example 0.31.1) may stay the same; in that case confirm the fix through the package changelog or the exact fixed package release named in the distribution advisory rather than by version number alone.
  • Track downstream advisory status for your distribution if you rely on backported fixes rather than upstream version changes.
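The inventory and verification steps above, worked as a small POSIX shell script. This is an added example, not code from the advisory, NVD, or the icoutils project. The fixed-version threshold FIXED_UPSTREAM is an assumed placeholder that you should replace with the fixed version named in your distribution's advisory, and the package records the script is run against are constructed for the demo, not captured from a real host.

```shell
#!/bin/sh
# Added example (not part of the advisory or of icoutils itself): decide whether
# an installed icoutils build still needs the CVE-2017-6011 fix.
#
# Assumptions, labelled as such:
#   - FIXED_UPSTREAM is an assumed threshold; take the real value from your
#     distribution's advisory rather than from this placeholder.
#   - The package records in the demo loop are constructed, not real hosts.

FIXED_UPSTREAM="${FIXED_UPSTREAM:-0.31.3}"   # assumed placeholder, see above

# version_ge A B: succeeds when dotted version A is >= B (relies on sort -V,
# available in GNU coreutils and BSD sort).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# upstream_version "1:0.31.1-2+foo" -> "0.31.1"
# Strips the packaging epoch (before ':') and the distro release (after '-'),
# leaving the upstream number that can be compared against FIXED_UPSTREAM.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# classify VERSION CHANGELOG_TEXT: prints "patched" or "vulnerable".
# A backported fix keeps the old upstream version number, so the changelog is
# checked for the CVE id first; only when it is absent does the version
# comparison decide.
classify() {
    pkgver=$1
    changelog=$2
    case $changelog in
        *CVE-2017-6011*) printf 'patched\n'; return 0 ;;
    esac
    if version_ge "$(upstream_version "$pkgver")" "$FIXED_UPSTREAM"; then
        printf 'patched\n'
    else
        printf 'vulnerable\n'
    fi
}

# Demo on constructed "version|changelog excerpt" records (not real hosts).
for rec in \
    '0.31.1-1|icoutils (0.31.1-1) unstable; urgency=medium' \
    '0.31.1-1+backport1|  * Fix out-of-bounds read in simple_vec (CVE-2017-6011)' \
    '1:0.31.3-1|icoutils (0.31.3-1) unstable; urgency=medium'
do
    ver=${rec%%|*}
    log=${rec#*|}
    printf '%-22s %s\n' "$ver" "$(classify "$ver" "$log")"
done
```

On a live host, pass classify the installed version from dpkg-query -W -f='${Version}' icoutils or rpm -q --qf '%{VERSION}-%{RELEASE}' icoutils, and the package changelog (rpm -q --changelog icoutils, or the contents of /usr/share/doc/icoutils/changelog.Debian.gz) as the second argument, so that a backported fix that still reports 0.31.1 is not misreported as vulnerable. Run it from your inventory tooling against every host that has the package installed.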

Evidence notes

Primary evidence comes from the official NVD record: published 2017-02-16 and last modified 2026-05-13. NVD lists icoutils 0.31.1 as vulnerable, CWE-125 as the weakness, and the CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The referenced third-party advisories include Red Hat RHSA-2017-0837, Debian DSA-3807, Gentoo GLSA 201801-12, SecurityFocus BID 96267, and Debian bug 854054.

Official resources

Publicly disclosed and published in the CVE/NVD record on 2017-02-16. The NVD entry was last modified on 2026-05-13. No Known Exploited Vulnerabilities (KEV) listing was provided in the supplied corpus.