Vulnerability Details : CVE-2013-1953
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2013-1953
- cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1953
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1953
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-1953
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1953
-
https://bugzilla.redhat.com/show_bug.cgi?id=951257
951257 – (CVE-2013-1953) CVE-2013-1953 autotrace: buffer overflow when parsing BMP files
-
http://www.openwall.com/lists/oss-security/2013/04/16/3
oss-security - Re: autotrace: stack-based buffer overflow in bmp parser
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:190
mandriva.com
Jump to