Joined: 12 May 2004
|Posted: Sat Aug 26, 2017 3:26 pm Post subject: [ GLSA 201708-09 ] AutoTrace
|Gentoo Linux Security Advisory
Title: AutoTrace: Multiple vulnerabilities (GLSA 201708-09)
Bug(s): #613992, #619040
Multiple vulnerabilities have been found in AutoTrace, the worst of
which could cause a Denial of Service condition.
AutoTrace converts bitmap to vector graphics.
Vulnerable: <= 0.31.1-r8
Architectures: All supported architectures
Heap-based buffer overflows have been discovered in the
pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace.
Remote attackers, by enticing a user to process a crafted bmp image
file, could cause a Denial of Service condition.
There is no known workaround at this time.
Gentoo has discontinued support for AutoTrace. We recommend that users
|# emerge --unmerge "media-gfx/autotrace"