Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-07
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-06
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-04
Updated
2019-11-05
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-11-14
Updated
2020-08-18
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-14
Updated
2019-11-19
5 vulnerabilities found