Potrace Project » Potrace : Security Vulnerabilities, CVEs, (Denial of service)
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.
Max CVSS
7.8
EPSS Score
0.22%
Published
2017-03-26
Updated
2017-03-29
The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.
Max CVSS
5.5
EPSS Score
0.37%
Published
2017-01-31
Updated
2017-02-05
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695.
Max CVSS
5.5
EPSS Score
0.39%
Published
2017-01-31
Updated
2017-02-05
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.
Max CVSS
5.5
EPSS Score
0.39%
Published
2017-01-31
Updated
2017-02-05
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.
Max CVSS
5.5
EPSS Score
0.39%
Published
2017-01-31
Updated
2017-02-05
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
Max CVSS
5.5
EPSS Score
0.37%
Published
2017-01-31
Updated
2017-02-05
6 vulnerabilities found