CVE-2017-9182 — Use After Free in Project Autotrace

CWE-416 — Use After Free CWE-415 — Double Free9 documents5 sources

Severity

7.8HIGHNVD

NVD7.5OSV7.5

EPSS

0.8%

top 25.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autotrace Project Autotrace Fedoraproject Fedora

Timeline

PublishedMay 23

Latest updateMay 24

Description

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDautotrace_project/autotrace0.31.1

Also affects: Fedora 34

🔴Vulnerability Details

GHSA

GHSA-h25v-w22w-w3pj: A bitmap double free in main↗2022-05-24

▶

GHSA

GHSA-56w4-5cfw-3cq2: libautotrace↗2022-05-14

▶

OSV

CVE-2019-19005: A bitmap double free in main↗2021-02-11

▶

OSV

CVE-2017-9182: libautotrace↗2017-05-23

▶

📋Vendor Advisories

Red Hat

autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact↗2021-02-11

▶

Red Hat

autotrace: Multiple security issues↗2017-05-20

▶

💬Community

Bugzilla

CVE-2017-9151..CVE-2017-9200 autotrace: Multiple security issues↗2017-05-23

▶