CVE-2013-1953 - Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context

CVE-2013-1953

Summary

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2013:190
http://www.openwall.com/lists/oss-security/2013/04/16/3
https://bugzilla.redhat.com/show_bug.cgi?id=951257

Vulnerable Configurations

cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*
cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-12-2013 - 05:14)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=951257
mandriva	MDVSA-2013:190
mlist	[oss-security] 20130316 Re: autotrace: stack-based buffer overflow in bmp parser

Last major update

13-12-2013 - 05:14

Published

09-12-2013 - 16:36

Last modified

13-12-2013 - 05:14