Description
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.
A buffer overflow flaw was found in the autotrace package. An attacker who tricks a user into opening a maliciously crafted BMP image could crash the application or potentially execute arbitrary code with the privileges of that user.
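The bug class described above, as an added illustration that is not AutoTrace's code and does not reproduce the specific defect at input-bmp.c:660 (which this page does not detail): a minimal BMP header parser in C showing the unchecked size computation that lets a crafted header undersize a heap buffer, beside a hardened parse that range-checks dimensions, offsets and the pixel-array length before anything is allocated or copied. All function names, the 65536 dimension cap and the sample headers are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BMP_HDR_LEN 54u    /* BITMAPFILEHEADER (14 bytes) + BITMAPINFOHEADER (40 bytes) */
#define BMP_MAX_DIM 65536  /* illustrative sanity cap on width and height (assumption) */

/* Little-endian field access; BMP headers are always little-endian. */
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

typedef struct {
    int32_t width, height;
    uint16_t bpp;
    uint32_t off_bits;   /* bfOffBits: start of the pixel array in the file */
    size_t row_bytes;    /* one scanline, padded to a 4-byte boundary */
    size_t pixel_bytes;  /* row_bytes * height, the size a reader must allocate */
} bmp_hdr;

enum { BMP_OK = 0, BMP_ERR_SHORT = -1, BMP_ERR_MAGIC = -2, BMP_ERR_DIMS = -3,
       BMP_ERR_FORMAT = -4, BMP_ERR_TRUNC = -5 };

/* The dangerous pattern: a buffer sized from raw header fields with 32-bit
   arithmetic. For 65536 x 65537 x 24 bpp the product wraps to 196608, so a
   reader would allocate ~192 KiB and then write rows of a ~12 GiB image into it. */
uint32_t naive_alloc_size(uint32_t w, uint32_t h, uint16_t bpp)
{
    return w * h * (bpp / 8u);  /* wraps modulo 2^32 on oversized dimensions */
}

/* Hardened parse: every header-derived size is range-checked and computed in
   size_t before it is used for malloc or memcpy. Only uncompressed 24/32 bpp. */
int bmp_parse_header(const uint8_t *buf, size_t len, bmp_hdr *h)
{
    if (len < BMP_HDR_LEN) return BMP_ERR_SHORT;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_ERR_MAGIC;
    if (rd32(buf + 14) < 40) return BMP_ERR_FORMAT;              /* biSize */
    int32_t w = (int32_t)rd32(buf + 18);                          /* biWidth */
    int32_t ht = (int32_t)rd32(buf + 22);                         /* biHeight */
    uint16_t bpp = rd16(buf + 28);                                /* biBitCount */
    if (rd32(buf + 30) != 0) return BMP_ERR_FORMAT;               /* biCompression: BI_RGB only */
    if (ht == INT32_MIN) return BMP_ERR_DIMS;                     /* -INT32_MIN would overflow */
    if (ht < 0) ht = -ht;                                         /* negative height = top-down rows */
    if (w <= 0 || ht <= 0 || w > BMP_MAX_DIM || ht > BMP_MAX_DIM) return BMP_ERR_DIMS;
    if (bpp != 24 && bpp != 32) return BMP_ERR_FORMAT;
    h->width = w; h->height = ht; h->bpp = bpp;
    h->off_bits = rd32(buf + 10);                                 /* bfOffBits */
    h->row_bytes = (((size_t)w * bpp + 31) / 32) * 4;
    if (h->row_bytes > SIZE_MAX / (size_t)ht) return BMP_ERR_DIMS; /* cannot wrap on 32-bit size_t */
    h->pixel_bytes = h->row_bytes * (size_t)ht;
    if (h->off_bits < BMP_HDR_LEN || h->off_bits > len) return BMP_ERR_TRUNC;
    if (h->pixel_bytes > len - h->off_bits) return BMP_ERR_TRUNC; /* declared rows exceed the file */
    return BMP_OK;
}

/* Copy the pixel array into a fresh buffer sized from the validated header.
   Returns NULL (and leaves *h partially filled) on any header error. */
uint8_t *bmp_read_pixels(const uint8_t *buf, size_t len, bmp_hdr *h)
{
    if (bmp_parse_header(buf, len, h) != BMP_OK) return NULL;
    uint8_t *px = malloc(h->pixel_bytes);
    if (!px) return NULL;
    memcpy(px, buf + h->off_bits, h->pixel_bytes);  /* bounded by the checks above */
    return px;
}

/* Write a 54-byte header for a constructed test file (not a real image). */
void build_header(uint8_t *out, int32_t w, int32_t h, uint16_t bpp, uint32_t off_bits, uint32_t file_size)
{
    memset(out, 0, BMP_HDR_LEN);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, file_size);
    wr32(out + 10, off_bits);
    wr32(out + 14, 40);             /* biSize */
    wr32(out + 18, (uint32_t)w);
    wr32(out + 22, (uint32_t)h);
    wr16(out + 26, 1);              /* biPlanes */
    wr16(out + 28, bpp);            /* biCompression at offset 30 stays 0 = BI_RGB */
}

int main(void)
{
    uint8_t file[70];  /* constructed 2x2, 24 bpp image: 54-byte header + 2 rows of 8 bytes */
    bmp_hdr h;
    build_header(file, 2, 2, 24, BMP_HDR_LEN, sizeof file);
    for (int i = 0; i < 16; i++) file[BMP_HDR_LEN + i] = (uint8_t)i;
    uint8_t *px = bmp_read_pixels(file, sizeof file, &h);
    printf("valid file: %s, %zu pixel bytes\n", px ? "accepted" : "rejected", h.pixel_bytes);
    free(px);

    /* Crafted header: dimensions chosen so the naive size computation wraps. */
    build_header(file, 65536, 65537, 24, BMP_HDR_LEN, sizeof file);
    printf("naive allocation for 65536x65537x24: %u bytes\n", naive_alloc_size(65536, 65537, 24));
    printf("hardened parse result: %d (BMP_ERR_DIMS is %d)\n", bmp_parse_header(file, sizeof file, &h), BMP_ERR_DIMS);
    return 0;
}
```

The hardened version rejects the crafted header at the dimension check, and a header whose bfOffBits or declared pixel array runs past the end of the file at the truncation check; the naive computation silently returns a buffer size that is a small fraction of what the rows written afterwards would need, which is the shape of a header-driven heap overflow in an image reader.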
Statement
The inkscape package distributed with Red Hat Enterprise Linux 9 is not affected by this issue. Although it ships autotrace as a bundled dependency, it does not include the affected BMP reader code.
Affected packages
Platform | Package | State | Errata | Release date
---|---|---|---|---
Red Hat Enterprise Linux 6 | autotrace | Out of support scope | |
Red Hat Enterprise Linux 7 | autotrace | Out of support scope | |
Red Hat Enterprise Linux 9 | inkscape | Not affected | |
Red Hat Enterprise Linux 9 | inkscape:flatpak/inkscape | Not affected | |
Red Hat Enterprise Linux 8 | autotrace | Fixed | RHSA-2023:3067 | 2023-05-16
Red Hat Enterprise Linux 9 | autotrace | Fixed | RHSA-2023:2589 | 2023-05-09
Additional information
CVSS3 base score: 7.3 (High)
Related vulnerabilities
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.