Lucene search

Gentoo FoundationMGASA-2017-0280

HistoryAug 19, 2017 - 12:22 p.m.

Updated potrace packages fix security vulnerability

2017-08-1912:22:31

Gentoo Foundation

advisories.mageia.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.7%

JSON

Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c (CVE-2017-12067).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchpotrace< 1.15-1potrace-1.15-1.mga5
Mageia6noarchpotrace< 1.15-1potrace-1.15-1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	potrace	< 1.15-1	potrace-1.15-1.mga5
Mageia	6	noarch	potrace	< 1.15-1	potrace-1.15-1.mga6

References

bugs.mageia.org/show_bug.cgi?id=21515

lists.fedoraproject.org/archives/list/[email protected]/thread/PG4MCYIFDHYLJGKJFKDL3GEYN52V5EOM/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.7%

JSON

Related for MGASA-2017-0280