Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1953
HistoryDec 09, 2013 - 12:00 a.m.

CVE-2013-1953

2013-12-0900:00:00
ubuntu.com
ubuntu.com
8

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.1%

Integer underflow in the input_bmp_reader function in input-bmp.c in
AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified
impact via a small value in the biSize field in the header of a BMP file,
which triggers a buffer overflow.

Notes

Author Note
seth-arnold sam2p included based on comment in OSS thread
mdeslaur gimp was fixed by commit in 2006, we’re not affected.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchautotrace< 0.31.1-16+deb7u1ubuntu0.1UNKNOWN
ubuntu14.04noarchsam2p< anyUNKNOWN
ubuntu16.04noarchsam2p< anyUNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.1%