CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32323 – autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c
https://notcve.org/view.php?id=CVE-2022-32323
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. Se ha detectado que AutoTrace versión v0.40.0, contiene un desbordamiento de pila por medio de la función ReadImage en el archivo input-bmp.c:660 A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash. • https://github.com/autotrace/autotrace/commit/2b44c173027736c64b3f379bd154c41bab745423 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CZVCQH4L7KC5GXLU6SCESXR5TGSKQ2H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKZPC4WCDOJ7BPJOMZ46AV27RCABZRYA https://access.redhat.com/security/cve/CVE-2022-32323 https://bugzilla.redhat.com/show_bug.cgi?id=2107471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19005 – autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact
https://notcve.org/view.php?id=CVE-2019-19005
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. Un mapa de bits doble liberación en el archivo main.c en autotrace versión 0.31.1, permite a atacantes causar un impacto no especificado por medio de una imagen de mapa de bits mal formada. Esto puede ocurrir después de un uso de la memoria previamente liberada en CVE-2017-9182 • https://github.com/autotrace/autotrace/commits/master https://github.com/autotrace/autotrace/pull/40 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ https://access.redhat.com/security/cve/CVE-2019-19005 https://bugzilla.redhat.com/show_bug.cgi?id=1945031 • CWE-415: Double Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19004 – autotrace: integer overflow in input-bmp.c
https://notcve.org/view.php?id=CVE-2019-19004
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. Un desbordamiento de entero biWidth*biBitCnt en el archivo input-bmp.c en autotrace versión 0.31.1, permite a atacantes proporcionar un valor de entrada inesperado a malloc por medio de una imagen de mapa de bits malformada • https://github.com/autotrace/autotrace/commits/master https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c https://github.com/autotrace/autotrace/pull/40 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ https://access.redhat.com/security/cve/CVE-2019-19004 https://bugzilla.redhat.com/show_bug.cgi?id=1945033 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9152
https://notcve.org/view.php?id=CVE-2017-9152
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. libautotrace.a en la versión 0.31.1 de AutoTrace tiene una sobrelectura de búfer basado en memoria dinámica (heap) en la función pnm_load_raw en input-bmp.c:346:41. • https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9156
https://notcve.org/view.php?id=CVE-2017-9156
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. libautotrace.a en AutoTrace 0.31.1 permite a los atacantes remotos provocar una denegación de servicio (escritura inválida y SEGV) relacionada con la función pnm_load_ascii en input-bmp.c:303:12. • https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare • CWE-787: Out-of-bounds Write •