AutoTrace: Multiple vulnerabilities — GLSA 201708-09

Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition.

Affected packages

media-gfx/autotrace on all architectures
  Affected versions: <= 0.31.1-r8
  Unaffected versions: none (no fixed version is available; see Resolution)

Background

AutoTrace converts bitmap images to vector graphics.

Description

Heap-based buffer overflows have been discovered in the pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.

Impact

A remote attacker could cause a Denial of Service condition by enticing a user to process a specially crafted bmp image file with AutoTrace.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for AutoTrace and no fixed version is available. We recommend that users unmerge AutoTrace:

 # emerge --unmerge "media-gfx/autotrace"
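Before unmerging, an administrator will usually want to confirm which version is actually installed and that it falls inside the affected range. The script below is an added example and is not part of the GLSA or of Gentoo's tooling. It assumes the standard Gentoo installed-package database layout (one directory per installed package under /var/db/pkg/<category>/<package>-<version>) and that AutoTrace versions are plain dotted numbers with an optional -rN revision suffix, as with 0.31.1-r8; the VDB variable and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the GLSA): list installed media-gfx/autotrace
# versions from the Gentoo VDB and flag those within "<= 0.31.1-r8".

# Upper bound of the affected range from the advisory.
AFFECTED_MAX="0.31.1-r8"

# version_le A B: succeed (exit 0) if Gentoo-style version A <= B.
# Assumes the X.Y.Z[-rN] form used by the autotrace ebuilds; a missing
# revision counts as -r0, a missing trailing component counts as 0.
version_le() {
  a_base=${1%-r*}; a_rev=${1#"$a_base"}; a_rev=${a_rev#-r}; a_rev=${a_rev:-0}
  b_base=${2%-r*}; b_rev=${2#"$b_base"}; b_rev=${b_rev#-r}; b_rev=${b_rev:-0}
  while [ -n "$a_base" ] || [ -n "$b_base" ]; do
    ac=${a_base%%.*}; bc=${b_base%%.*}
    if [ "$a_base" = "$ac" ]; then a_base=; else a_base=${a_base#*.}; fi
    if [ "$b_base" = "$bc" ]; then b_base=; else b_base=${b_base#*.}; fi
    ac=${ac:-0}; bc=${bc:-0}
    if [ "$ac" -lt "$bc" ]; then return 0; fi
    if [ "$ac" -gt "$bc" ]; then return 1; fi
  done
  # Numeric parts are equal: the revision decides.
  [ "$a_rev" -le "$b_rev" ]
}

# autotrace_affected VERSION: succeed if VERSION is in the affected range.
autotrace_affected() {
  version_le "$1" "$AFFECTED_MAX"
}

# vdb_installed_versions [VDB]: print one installed autotrace version per
# line, read from the VDB directory names (default /var/db/pkg).
vdb_installed_versions() {
  vdb="${1:-/var/db/pkg}"
  for d in "$vdb"/media-gfx/autotrace-*; do
    [ -d "$d" ] || continue
    d=${d##*/}
    echo "${d#autotrace-}"
  done
}

# report_affected [VDB]: print a line for every installed affected version.
report_affected() {
  for v in $(vdb_installed_versions "$1"); do
    if autotrace_affected "$v"; then
      echo "media-gfx/autotrace-$v: affected by GLSA 201708-09, unmerge it"
    fi
  done
}

# Run against the live system unless VDB points somewhere else.
report_affected "${VDB:-/var/db/pkg}"
```

The version comparison is deliberately narrow: it covers the numeric-plus-revision scheme the autotrace ebuilds used and is not a general replacement for Portage's own version logic. If the report names an installed version, follow the Resolution above and unmerge the package; if it prints nothing, AutoTrace is not installed from the Gentoo tree.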
 

References

Release date
August 26, 2017

Latest revision
August 26, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries