SB2021021140 - Multiple vulnerabilities in autotrace

Description

This security bulletin contains information about 3 vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2017-9182)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GET_COLOR() function in color.c. A remote attacker can trick the victim to pass a specially crafted image to the application, trigger a use-after-free error and execute arbitrary code on the system.

2) Use-after-free (CVE-ID: CVE-2019-19005)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a malformed bitmap image. A remote attacker can trick the victim to pass a specially crafted image to the application, trigger a use-after-free error and execute arbitrary code on the system.

3) Integer overflow (CVE-ID: CVE-2019-19004)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in input-bmp.c. A remote attacker can trick the victim to pass specially crafted input to the application, trigger an integer overflow and crash the application.

Remediation

Install update from vendor's website.

References

• https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/
• https://github.com/autotrace/autotrace/pull/40
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/
• https://bugzilla.redhat.com/show_bug.cgi?id=1945031