Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition.
| Package | media-gfx/autotrace on all architectures |
|---|---|
| Affected versions | <= 0.31.1-r8 |
| Unaffected versions | |
AutoTrace converts bitmap to vector graphics.
Heap-based buffer overflows have been discovered in the pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.
Remote attackers, by enticing a user to process a crafted bmp image file, could cause a Denial of Service condition.
There is no known workaround at this time.
Gentoo has discontinued support for AutoTrace. We recommend that users unmerge AutoTrace:
```
# emerge --unmerge "media-gfx/autotrace"
```