Skip to main content

Potrace CVE-2013-7437

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2015-03-29 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 29, 2015 - 21:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

AnalysisAI

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. Affected products include: Icoasoft Potrace.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2016-8698 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2016-8703 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2016-8702 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2016-8701 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2016-8700 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2016-8699 HIGH
7.8 Jan 31

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers

CVE-2017-7263 HIGH
7.8 Mar 26

The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-b

CVE-2016-8686 HIGH
7.8 Jan 31

The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image,

CVE-2017-12067 HIGH
7.5 Aug 01

Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. Rated high severity (CVS

CVE-2016-8696 MEDIUM
5.5 Jan 31

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service

CVE-2016-8695 MEDIUM
5.5 Jan 31

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service

CVE-2016-8694 MEDIUM
5.5 Jan 31

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service

Share

CVE-2013-7437 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy