Lucene search

MitreCVELIST:CVE-2016-8696

HistoryJan 31, 2017 - 10:00 p.m.

CVE-2016-8696

2017-01-3122:00:00

mitre

www.cve.org

AI Score

5.3

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695.

References

potrace.sourceforge.net/ChangeLog

www.openwall.com/lists/oss-security/2016/08/18/11

www.openwall.com/lists/oss-security/2016/10/16/12

www.securityfocus.com/bid/93778

blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/