CVE-2013-7437 - Integer Overflow or Wraparound vulnerability in Icoasoft Potrace 1.11

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

Vulnerable Configurations

Part: Application
Description: Icoasoft
Count: 1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, yielding an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-704.NASL
    description: potrace was updated to fix one security issue. This security issue was fixed : - CVE-2013-7437: Multiple integer overflows in potrace 1.11 allowed remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (bsc#924904).
    last seen: 2020-06-05
    modified: 2015-11-05
    plugin id: 86739
    published: 2015-11-05
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86739
    title: openSUSE Security Update : potrace (openSUSE-2015-704)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-675.NASL
    description: Multiple vulnerabilities have been found in potrace. CVE-2013-7437 Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. This bug was reported by Murray McAllister of the Red Hat Security Response Team. CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 Multiple NULL pointer dereferences in bm_readbody_bmp. This bug was discovered by Agostino Sarubbo of Gentoo. CVE-2016-8697 Division by zero in bm_new. This bug was discovered by Agostino Sarubbo of Gentoo. CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 Multiple heap-based buffer overflows in bm_readbody_bmp. This bug was discovered by Agostino Sarubbo of Gentoo. For Debian 7
    last seen: 2020-03-17
    modified: 2016-10-27
    plugin id: 94293
    published: 2016-10-27
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/94293
    title: Debian DLA-675-1 : potrace security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-297.NASL
    description: The bitmap to vector graphic tracing utility potrace was updated to fix one security issue. The following vulnerability was fixed : - Very large bitmaps could trigger a buffer overflow, crashing the program and causing denial of service (bsc#924904, CVE-2013-7437)
    last seen: 2020-06-05
    modified: 2015-04-09
    plugin id: 82654
    published: 2015-04-09
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82654
    title: openSUSE Security Update : potrace (openSUSE-2015-297)