CVE-2013-1953 — Vulnetix

CVE-2013-1953 PUBLISHED

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

EPSS 0.35% · 57.6th percentile

Risk Scores

EPSS Score

0.35%

57.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	sam2p	0, 0.49.2-2, 0.49.2-3+deb8u3build0.14.04.1
Ubuntu:14.04:LTS	autotrace	0, 0.31.1-16build2, 0.31.1-16+deb7u1build0.14.04.1
Ubuntu:16.04:LTS	sam2p	0, 0.49.2-3, 0.49.2-3+deb8u3build0.16.04.1

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=951257 (circl)
[oss-security] 20130316 Re: autotrace: stack-based buffer overflow in bmp parser (circl)
MDVSA-2013:190 (circl)

Timeline

Dec 9, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 17, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2013-1953 third-party-advisory
https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7 third-party-advisory
https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98 third-party-advisory
http://www.openwall.com/lists/oss-security/2013/04/16/1 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2013-1953 third-party-advisory

Open in Interactive Console →