Autotrace Project Autotrace vulnerabilities

CVE-2022-32323 [HIGH] CWE-787 CVE-2022-32323: AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp. AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.

CVE-2019-19005 [HIGH] CVE-2019-19005: A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact v A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.

CVE-2019-19004 [LOW] CWE-190 CVE-2019-19004: A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide a A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

CVE-2017-9194 [CRITICAL] CWE-125 CVE-2017-9194: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in in libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.

CVE-2017-9200 [CRITICAL] CWE-190 CVE-2017-9200: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:52 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.

CVE-2017-9187 [CRITICAL] CWE-190 CVE-2017-9187: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:48 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.

CVE-2017-9193 [CRITICAL] CWE-125 CVE-2017-9193: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in in libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.

CVE-2017-9165 [CRITICAL] CWE-125 CVE-2017-9165: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in co libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.

CVE-2017-9153 [CRITICAL] CWE-119 CVE-2017-9153: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.

CVE-2017-9164 [CRITICAL] CWE-125 CVE-2017-9164: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in co libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.

CVE-2017-9197 [CRITICAL] CWE-190 CVE-2017-9197: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:49 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.

CVE-2017-9151 [CRITICAL] CWE-119 CVE-2017-9151: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function i libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.

CVE-2017-9169 [CRITICAL] CWE-119 CVE-2017-9169: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in inp libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.

CVE-2017-9152 [CRITICAL] CWE-125 CVE-2017-9152: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.

CVE-2017-9162 [CRITICAL] CWE-190 CVE-2017-9162: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:19 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.

CVE-2017-9185 [CRITICAL] CWE-190 CVE-2017-9185: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:31 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.

CVE-2017-9160 [CRITICAL] CWE-119 CVE-2017-9160: libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken func libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.

CVE-2017-9184 [CRITICAL] CWE-190 CVE-2017-9184: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:31 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.

CVE-2017-9173 [CRITICAL] CWE-119 CVE-2017-9173: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in inp libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.

CVE-2017-9183 [CRITICAL] CWE-704 CVE-2017-9183: libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:30 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.