autotrace-0.31.1-645.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12090 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z autotrace-0.31.1-645.1 on GA media These are all security issues fixed in the autotrace-0.31.1-645.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12090 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12090 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-9182/ SUSE CVE CVE-2017-9182 page https://www.suse.com/security/cve/CVE-2019-19004/ SUSE CVE CVE-2019-19004 page https://www.suse.com/security/cve/CVE-2019-19005/ SUSE CVE CVE-2019-19005 page openSUSE Tumbleweed autotrace-0.31.1-645.1 autotrace-devel-0.31.1-645.1 libautotrace3-0.31.1-645.1 autotrace-0.31.1-645.1 as a component of openSUSE Tumbleweed autotrace-devel-0.31.1-645.1 as a component of openSUSE Tumbleweed libautotrace3-0.31.1-645.1 as a component of openSUSE Tumbleweed libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. CVE-2017-9182 openSUSE Tumbleweed:autotrace-0.31.1-645.1 openSUSE Tumbleweed:autotrace-devel-0.31.1-645.1 openSUSE Tumbleweed:libautotrace3-0.31.1-645.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9182.html CVE-2017-9182 https://bugzilla.suse.com/1040278 SUSE Bug 1040278 https://bugzilla.suse.com/1182159 SUSE Bug 1182159 A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. CVE-2019-19004 openSUSE Tumbleweed:autotrace-0.31.1-645.1 openSUSE Tumbleweed:autotrace-devel-0.31.1-645.1 openSUSE Tumbleweed:libautotrace3-0.31.1-645.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19004.html CVE-2019-19004 https://bugzilla.suse.com/1182158 SUSE Bug 1182158 A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. CVE-2019-19005 openSUSE Tumbleweed:autotrace-0.31.1-645.1 openSUSE Tumbleweed:autotrace-devel-0.31.1-645.1 openSUSE Tumbleweed:libautotrace3-0.31.1-645.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19005.html CVE-2019-19005 https://bugzilla.suse.com/1182159 SUSE Bug 1182159