Headline
CVE-2022-32323: Merge pull request #72 from lemenkov/misleading_indentation · autotrace/autotrace@2b44c17
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.
@@ -640,19 +640,19 @@ static unsigned char *ReadImage(FILE * fd, int width, int height, { temp = image + (ypos * rowstride); for (xpos = 0; xpos < width; ++xpos) { px32 = ToL(&row_buf[xpos * 4]); unsigned char red = *(temp++) = ((px32 & masks[0].mask) >> masks[0].shiftin) * 255.0 / masks[0].max_value + 0.5; unsigned char green = *(temp++) = ((px32 & masks[1].mask) >> masks[1].shiftin) * 255.0 / masks[1].max_value + 0.5; unsigned char blue = *(temp++) = ((px32 & masks[2].mask) >> masks[2].shiftin) * 255.0 / masks[2].max_value + 0.5; /* currently alpha channels are not supported by AutoTrace, thus simply ignored */ /*if (channels > 3) *(temp++) = ((px32 & masks[3].mask) >> masks[3].shiftin) * 255.0 / masks[3].max_value + 0.5;*/ }
if (ypos == 0) break;
–ypos; /* next line */ px32 = ToL(&row_buf[xpos * 4]); unsigned char red = *(temp++) = ((px32 & masks[0].mask) >> masks[0].shiftin) * 255.0 / masks[0].max_value + 0.5; unsigned char green = *(temp++) = ((px32 & masks[1].mask) >> masks[1].shiftin) * 255.0 / masks[1].max_value + 0.5; unsigned char blue = *(temp++) = ((px32 & masks[2].mask) >> masks[2].shiftin) * 255.0 / masks[2].max_value + 0.5; /* currently alpha channels are not supported by AutoTrace, thus simply ignored */ /*if (channels > 3) *(temp++) = ((px32 & masks[3].mask) >> masks[3].shiftin) * 255.0 / masks[3].max_value + 0.5;*/ }
if (ypos == 0) break;
–ypos; /* next line */ } } break; @@ -667,7 +667,11 @@ static unsigned char *ReadImage(FILE * fd, int width, int height, *(temp++) = row_buf[xpos * 3 + 1]; *(temp++) = row_buf[xpos * 3]; } --ypos; /* next line */
if (ypos == 0) break;
–ypos; /* next line */ } } break; @@ -679,19 +683,19 @@ static unsigned char *ReadImage(FILE * fd, int width, int height, temp = image + (ypos * rowstride); for (xpos = 0; xpos < width; ++xpos) { rgb = ToS(&row_buf[xpos * 2]); *(temp++) = ((rgb & masks[0].mask) >> masks[0].shiftin) * 255.0 / masks[0].max_value + 0.5; *(temp++) = ((rgb & masks[1].mask) >> masks[1].shiftin) * 255.0 / masks[1].max_value + 0.5; *(temp++) = ((rgb & masks[2].mask) >> masks[2].shiftin) * 255.0 / masks[2].max_value + 0.5; /* currently alpha channels are not supported by AutoTrace, thus simply ignored */ /*if (channels > 3) *(temp++) = ((rgb & masks[3].mask) >> masks[3].shiftin) * 255.0 / masks[3].max_value + 0.5;*/ }
if (ypos == 0) break;
–ypos; /* next line */ rgb = ToS(&row_buf[xpos * 2]); *(temp++) = ((rgb & masks[0].mask) >> masks[0].shiftin) * 255.0 / masks[0].max_value + 0.5; *(temp++) = ((rgb & masks[1].mask) >> masks[1].shiftin) * 255.0 / masks[1].max_value + 0.5; *(temp++) = ((rgb & masks[2].mask) >> masks[2].shiftin) * 255.0 / masks[2].max_value + 0.5; /* currently alpha channels are not supported by AutoTrace, thus simply ignored */ /*if (channels > 3) *(temp++) = ((rgb & masks[3].mask) >> masks[3].shiftin) * 255.0 / masks[3].max_value + 0.5;*/ }
if (ypos == 0) break;
–ypos; /* next line */ } } break;
Related news
Red Hat Security Advisory 2023-3067-01 - AutoTrace is a program for converting bitmaps to vector graphics. Issues addressed include a buffer overflow vulnerability.
An update for autotrace is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32323: A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash.
An update for autotrace is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32323: A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash.