{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0474",
  "published": "2015-12-16T21:01:04Z",
  "modified": "2015-12-16T20:55:08Z",
  "summary": "Updated potrace packages fix security vulnerabilities",
  "details": "Potrace before 1.13 has some critical bugs in the processing of BMP files.\nThese bugs allowed the program to be crashed, or potentially to be abused in\nother ways, by feeding it specially crafted BMP files, due to heap overflow,\nnull pointer dereference, and divide by zero issues.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0474.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17317"
    },
    {
      "type": "WEB",
      "url": "http://potrace.sourceforge.net/NEWS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "potrace",
        "purl": "pkg:rpm/mageia/potrace?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}