Vulnerabilities > CVE-2013-1953 - Numeric Errors vulnerability in Autotrace Project Autotrace 0.31.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Autotrace_Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-11904.NASL
    descriptionThis is an update that fixes possible buffer overflow when parsing BMP files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-07-12
    plugin id67329
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67329
    titleFedora 19 : autotrace-0.31.1-34.fc19 (2013-11904)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-11904.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67329);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-1953");
      script_bugtraq_id(59075);
      script_xref(name:"FEDORA", value:"2013-11904");
    
      script_name(english:"Fedora 19 : autotrace-0.31.1-34.fc19 (2013-11904)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is an update that fixes possible buffer overflow when parsing BMP
    files.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=951257"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111050.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8cd29056"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected autotrace package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:autotrace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"autotrace-0.31.1-34.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "autotrace");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-515.NASL
    descriptionThis update of autotrace fixes a buffer overflow issue. - Fix stack-based buffer overflow in bmp parser (CVE-2013-1953.patch, bnc#815382, CVE-2013-1953).
    last seen2020-06-05
    modified2014-06-13
    plugin id75051
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75051
    titleopenSUSE Security Update : autotrace (openSUSE-SU-2013:1044-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-515.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75051);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1953");
      script_bugtraq_id(59075);
    
      script_name(english:"openSUSE Security Update : autotrace (openSUSE-SU-2013:1044-1)");
      script_summary(english:"Check for the openSUSE-2013-515 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of autotrace fixes a buffer overflow issue.
    
      - Fix stack-based buffer overflow in bmp parser
        (CVE-2013-1953.patch, bnc#815382, CVE-2013-1953)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=815382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-06/msg00168.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected autotrace packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:autotrace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:autotrace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:autotrace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:autotrace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libautotrace3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libautotrace3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"autotrace-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"autotrace-debuginfo-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"autotrace-debugsource-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"autotrace-devel-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libautotrace3-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libautotrace3-debuginfo-0.31.1-635.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"autotrace-0.31.1-637.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"autotrace-debuginfo-0.31.1-637.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"autotrace-debugsource-0.31.1-637.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"autotrace-devel-0.31.1-637.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libautotrace3-0.31.1-637.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libautotrace3-debuginfo-0.31.1-637.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "autotrace / autotrace-debuginfo / autotrace-debugsource / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-12032.NASL
    descriptionThis is an update that fixes possible buffer overflow when parsing BMP files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-07-12
    plugin id67333
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67333
    titleFedora 18 : autotrace-0.31.1-34.fc18 (2013-12032)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-190.NASL
    descriptionUpdated autotrace package fixes security vulnerability : Stack-based buffer overflow in bmp parser (CVE-2013-1953). Updated autotrace package corrects the issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67135
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67135
    titleMandriva Linux Security Advisory : autotrace (MDVSA-2013:190)