Описание
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| autotrace | fixed | 0.31.1-16+nmu1 | package | |
| autotrace | no-dsa | wheezy | package | |
| autotrace | no-dsa | squeeze | package | |
| gimp | fixed | 2.6.10-1 | package |
Примечания
Gimp was fixed earlier, but only Squeeze version was checked
In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8
and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd
https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7
https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98
EPSS
Связанные уязвимости
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
EPSS