Bug 1385511 (CVE-2016-8685, CVE-2016-8686, CVE-2016-8694, CVE-2016-8695, CVE-2016-8696, CVE-2016-8697, CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, CVE-2016-8703, CVE-2017-7263)

Summary: CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: susi.lehtola
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:00:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1385512, 1385513    
Bug Blocks:    

Description Andrej Nemec 2016-10-17 08:53:32 UTC 
Multiple issues in potrace were assigned CVEs on oss-security.

References:

http://seclists.org/oss-sec/2016/q4/153


https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/

AddressSanitizer: SEGV on unknown address 0x4f027b in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8694.


AddressSanitizer: SEGV on unknown address 0x4f0957 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8695.


AddressSanitizer: SEGV on unknown address 0x4f10b7 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8696.


https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/

AddressSanitizer: FPE on unknown address 0x508d51 in bm_new /tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap.h:63:24

Use CVE-2016-8697.


https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/

AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3709 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8698.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3728 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8699.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f37a8 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:652:11

Use CVE-2016-8700.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3829 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:690:4

Use CVE-2016-8701.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f38d4 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8702.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3947 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:601:2

Use CVE-2016-8703.

References:

http://seclists.org/oss-sec/2016/q4/151


https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure

AddressSanitizer failed to allocate 0x200003000 bytes of LargeMmapAllocator

Use CVE-2016-8686.

References:

http://seclists.org/oss-sec/2016/q4/150


https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/

SEGV on unknown address

0x7fd7ec5bcbf3 in findnext ... potrace-1.13/src/decompose.c:436:11
0x7fd7ec5bcbf3 in getenv ... potrace-1.13/src/decompose.c:478

Use CVE-2016-8685.
Comment 1 Andrej Nemec 2016-10-17 08:54:25 UTC 
Created potrace tracking bugs for this issue:

Affects: fedora-all [bug 1385512]
Affects: epel-all [bug 1385513]
Comment 2 Martin Prpič 2017-03-27 15:07:27 UTC 
Adding "heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698)":

http://seclists.org/oss-sec/2017/q1/682
https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
Comment 3 Product Security DevOps Team 2019-06-08 03:00:17 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.