CVE-2022-32323 – autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c

https://notcve.org/view.php?id=CVE-2022-32323

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. Se ha detectado que AutoTrace versión v0.40.0, contiene un desbordamiento de pila por medio de la función ReadImage en el archivo input-bmp.c:660 A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash. • https://github.com/autotrace/autotrace/commit/2b44c173027736c64b3f379bd154c41bab745423 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CZVCQH4L7KC5GXLU6SCESXR5TGSKQ2H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKZPC4WCDOJ7BPJOMZ46AV27RCABZRYA https://access.redhat.com/security/cve/CVE-2022-32323 https://bugzilla.redhat.com/show_bug.cgi?id=2107471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •