| Summary: | <media-gfx/autotrace-0.31.1-r8: heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | fonts, graphics+disabled, slawomir.nizio |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/ | | |
| Whiteboard: | B3 [glsa cve] | | |
| Package list: | media-gfx/autotrace-0.31.1-r8 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | 620802 | | |
| Bug Blocks: | | | |
Description
Agostino Sarubbo
2017-03-27 08:14:46 UTC
CVE ID: CVE-2016-7392

Summary: Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.

Published: 2017-02-15T21:59:00.000Z

Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fcc7c830301a4ae876393e6ca0e1f74b7deca9f

@ Arches, please test and mark stable: =media-gfx/autotrace-0.31.1-r8

Hi, it makes no sense to stabilize the package since there is bug 619040.

I'd suggest to pmask.

(In reply to Agostino Sarubbo from comment #3)
> Hi, it makes no sense to stabilize the package since there is bug 619040.
>
> I'd suggest to pmask.

I agree. I created a tracker bug. Package should get PMASKED by 2017-06-30.

commit af14a9845810137c82742baf89bf3dd4fcbc9540
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: Wed Aug 16 12:11:52 2017
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: Wed Aug 16 12:21:39 2017

    media-gfx/autotrace: Remove last-rited pkg, #620802

This issue was resolved and addressed in GLSA 201708-09 at https://security.gentoo.org/glsa/201708-09 by GLSA coordinator Aaron Bauman (b-man).