Advisories » MGASA-2017-0073

Updated potrace packages fix security vulnerability

Publication date: 12 Mar 2017
Modification date: 12 Mar 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-8685, CVE-2016-8686

Description

The findnext function in decompose.c in potrace 1.13 allows remote
attackers to cause a denial of service (invalid memory access and crash)
via a crafted BMP image. (CVE-2016-8685)

The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to
have unspecified impact via a crafted image, which triggers a memory
allocation failure. (CVE-2016-8686)
                

References

SRPMS

5/core