ALAS2-2023-1929 --- autotraceID: oval:org.secpod.oval:def:1701154 | Date: (C)2023-02-09 (M)2023-11-13 |
Class: PATCH | Family: unix |
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service via a crafted bmp image file. A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182