Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition.
| Package | media-gfx/autotrace on all architectures |
| Affected versions | <= 0.31.1-r8 |
AutoTrace converts bitmap to vector graphics.
Heap-based buffer overflows have been discovered in the pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.
Remote attackers, by enticing a user to process a crafted bmp image file, could cause a Denial of Service condition.
There is no known workaround at this time.
Gentoo has discontinued support for AutoTrace. We recommend that users unmerge AutoTrace:
# emerge --unmerge "media-gfx/autotrace"