CVE-2013-1953 — Integer Underflow (Wrap or Wraparound) in Project Autotrace

CWE-1898 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 42.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gimp Autotrace Project Autotrace

Timeline

PublishedDec 9

Latest updateMay 17

Description

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDautotrace_project/autotrace0.31.1

▶Debiangimp/gimp< 2.6.10-1+3

🔴Vulnerability Details

GHSA

GHSA-j9fj-j92c-8fqr: Integer underflow in the input_bmp_reader function in input-bmp↗2022-05-17

▶

OSV

CVE-2013-1953: Integer underflow in the input_bmp_reader function in input-bmp↗2013-12-09

▶

CVEList

CVE-2013-1953: Integer underflow in the input_bmp_reader function in input-bmp↗2013-12-09

▶

📋Vendor Advisories

Red Hat

autotrace: buffer overflow when parsing BMP files↗2013-04-16

▶

Debian

CVE-2013-1953: gimp - Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0...↗2013

▶

💬Community

Bugzilla

CVE-2013-1953 autotrace: buffer overflow when parsing BMP files [fedora-all]↗2013-04-16

▶

Bugzilla

CVE-2013-1953 autotrace: buffer overflow when parsing BMP files↗2013-04-11

▶