ALT-PU-2017-1196-1
Closed vulnerabilities
Published: 2017-02-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-8685
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- [oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)
- [oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)
- 93470
- 93470
- https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
- https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
Published: 2017-02-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-8686
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References: