Описание
Security update for potrace
This update for potrace to version 1.14 fixes the following issues:
Security issues fixed:
- CVE-2016-8685, CVE-2016-8686: Bugs triggered by malformed BMP files have been fixed (boo#1005026).
Bugfixes:
- Error reporting has been improved.
- The image size is now truncated when the bitmap data ends prematurely.
- It is now possible to use negative dy in bitmap data.
Список пакетов
openSUSE Leap 42.1
libpotrace0-1.14-8.1
potrace-1.14-8.1
potrace-devel-1.14-8.1
openSUSE Leap 42.2
libpotrace0-1.14-8.1
potrace-1.14-8.1
potrace-devel-1.14-8.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0648-1
- SUSE Security Ratings
Описание
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
Затронутые продукты
openSUSE Leap 42.1:libpotrace0-1.14-8.1
openSUSE Leap 42.1:potrace-1.14-8.1
openSUSE Leap 42.1:potrace-devel-1.14-8.1
openSUSE Leap 42.2:libpotrace0-1.14-8.1
Ссылки
- CVE-2016-8685
- SUSE Bug 1005026
- SUSE Bug 1005027
Описание
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
Затронутые продукты
openSUSE Leap 42.1:libpotrace0-1.14-8.1
openSUSE Leap 42.1:potrace-1.14-8.1
openSUSE Leap 42.1:potrace-devel-1.14-8.1
openSUSE Leap 42.2:libpotrace0-1.14-8.1
Ссылки
- CVE-2016-8686
- SUSE Bug 1005026
- SUSE Bug 1005027