Bug 2107471 (CVE-2022-32323) - CVE-2022-32323 autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-32323
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2121826 2121827 2121828
Blocks: 2107473
Reported: 2022-07-15 07:25 UTC by TEJ RATHI
Modified: 2023-05-16 17:43 UTC (History)
CC List: 11 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash.
Clone Of:
Environment:
Last Closed: 2023-05-16 17:43:07 UTC
Embargoed:




Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Red Hat Product Errata | RHSA-2023:2589 | 0 | None | None | None | 2023-05-09 08:01:27 UTC |
| Red Hat Product Errata | RHSA-2023:3067 | 0 | None | None | None | 2023-05-16 08:49:15 UTC |

Description TEJ RATHI 2022-07-15 07:25:06 UTC
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.

https://github.com/autotrace/autotrace/commit/e96bffadc25ff0ba0e10745f8012efcc5f920ea9

Comment 1 Parag Nemade 2022-07-15 09:56:44 UTC
You are not authorized to access bug #2107473.

Comment 3 Parag Nemade 2022-07-15 10:27:28 UTC
I do not see any reference by looking into that commit that it is related to heap-buffer overflow. Are you sure fixing "Misleading indentation" is related to heap-buffer overflow?

I think the commit that should be considered for the CVE is https://github.com/autotrace/autotrace/commit/e96bffadc25ff0ba0e10745f8012efcc5f920ea9

Comment 5 Marco Benatto 2022-08-26 17:45:53 UTC
Created autotrace tracking bugs for this issue:

Affects: fedora-all [bug 2121826]

Comment 7 Marco Benatto 2022-08-26 18:08:34 UTC
There's a flaw in autotrace's ReadImage() function. When reading the BMP image header, it relies on the untrusted input from the file and doesn't properly validate if its contents fit the internal buffer size. An attacker can leverage that by crafting a malicious BMP file, triggering a buffer overflow. A successful attack can lead to possible code execution with a high impact on confidentiality and integrity; for availability, the impact can be considered low, as it affects only the single execution from the single user running the application. For a successful attack to happen, the attacker needs to trick the user into opening the crafted BMP file.
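
Comment 7 describes BMP header fields being trusted without checking them against the buffer size. The C sketch below is an added example, not autotrace's code or its fix: it shows one way to validate a BMP header against the bytes actually present before any buffer is sized from it. The name `bmp_validate` and the restriction to an uncompressed 40-byte BITMAPINFOHEADER are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; names are hypothetical, not from autotrace's input-bmp.c. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate an uncompressed BMP (14-byte file header + 40-byte BITMAPINFOHEADER)
 * held in buf[0..len). Returns 0 and stores the padded row size and total
 * pixel-data size, or -1 if a header field disagrees with the bytes present. */
int bmp_validate(const uint8_t *buf, size_t len, size_t *row_bytes, size_t *image_bytes) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;
    uint32_t data_off = rd_le32(buf + 10);
    int32_t width = (int32_t)rd_le32(buf + 18);
    int32_t height = (int32_t)rd_le32(buf + 22);
    uint16_t bpp = (uint16_t)(buf[28] | buf[29] << 8);

    if (rd_le32(buf + 14) != 40) return -1;       /* header size */
    if (rd_le32(buf + 30) != 0) return -1;        /* compression: BI_RGB only */
    if (width <= 0 || height == 0) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -1;

    /* Rows are padded to 4 bytes. 64-bit arithmetic keeps width * bpp and
     * stride * rows from wrapping for any 32-bit header values. */
    uint64_t rows = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;
    uint64_t total = stride * rows;

    /* The pixel array must lie entirely inside the file. */
    if (data_off < 54 || data_off > len) return -1;
    if (total > (uint64_t)(len - data_off)) return -1;

    *row_bytes = (size_t)stride;
    *image_bytes = (size_t)total;
    return 0;
}

int main(void) {
    /* Constructed sample: 2x2, 8 bpp, 8 bytes of pixel data after the headers. */
    uint8_t f[62] = {'B', 'M'};
    size_t rb = 0, ib = 0;
    f[10] = 54; f[14] = 40; f[18] = 2; f[22] = 2; f[26] = 1; f[28] = 8;
    printf("consistent header: %d\n", bmp_validate(f, sizeof f, &rb, &ib));
    f[20] = 0xff; f[21] = 0x7f;   /* width claims 0x7fff0002 pixels */
    printf("oversized width:   %d\n", bmp_validate(f, sizeof f, &rb, &ib));
    return 0;
}
```

A caller would allocate and copy using only the sizes returned on success, never the raw header fields.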

Comment 8 errata-xmlrpc 2023-05-09 08:01:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2589 https://access.redhat.com/errata/RHSA-2023:2589

Comment 9 errata-xmlrpc 2023-05-16 08:49:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3067 https://access.redhat.com/errata/RHSA-2023:3067

Comment 10 Product Security DevOps Team 2023-05-16 17:43:05 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-32323

