GLSA Advocate
Posted: Sat Aug 26, 2017 3:26 pm Post subject: [ GLSA 201708-09 ] AutoTrace
Gentoo Linux Security Advisory
Title: AutoTrace: Multiple vulnerabilities (GLSA 201708-09)
Severity: normal
Exploitable: remote
Date: 2017-08-26
Bug(s): #613992, #619040
ID: 201708-09
Synopsis
Multiple vulnerabilities have been found in AutoTrace, the worst of
which could cause a Denial of Service condition.
Background
AutoTrace converts bitmap to vector graphics.
Affected Packages
Package: media-gfx/autotrace
Vulnerable: <= 0.31.1-r8
Architectures: All supported architectures
Description
Heap-based buffer overflows have been discovered in the
pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.
Impact
Remote attackers, by enticing a user to process a crafted bmp image
file, could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for AutoTrace. We recommend that users
unmerge AutoTrace:
Code:
    # emerge --unmerge "media-gfx/autotrace"
References
CVE-2016-7392
CVE-2017-9153
Last edited by GLSA on Fri Sep 29, 2017 4:17 am; edited 1 time in total