Bug 1385511 - CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues
Status: CLOSED UPSTREAM
Alias: CVE-2016-8685, CVE-2016-8686, CVE-2016-8694, CVE-2016-8695, CVE-2016-8696, CVE-2016-8697, CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, CVE-2016-8703, CVE-2017-7263
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1385512 1385513
 
Reported: 2016-10-17 08:53 UTC by Andrej Nemec
Modified: 2019-09-29 13:57 UTC

Last Closed: 2019-06-08 03:00:17 UTC

Description Andrej Nemec 2016-10-17 08:53:32 UTC
Multiple issues in potrace were assigned CVEs on oss-security.

References:

http://seclists.org/oss-sec/2016/q4/153


https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/

AddressSanitizer: SEGV on unknown address 0x4f027b in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8694.


AddressSanitizer: SEGV on unknown address 0x4f0957 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8695.


AddressSanitizer: SEGV on unknown address 0x4f10b7 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8696.


https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/

AddressSanitizer: FPE on unknown address 0x508d51 in bm_new /tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap.h:63:24

Use CVE-2016-8697.


https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/

AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3709 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8698.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3728 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8699.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f37a8 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:652:11

Use CVE-2016-8700.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3829 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:690:4

Use CVE-2016-8701.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f38d4 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8702.


AddressSanitizer: heap-buffer-overflow ... READ of size 4 0x4f3947 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:601:2

Use CVE-2016-8703.

References:

http://seclists.org/oss-sec/2016/q4/151


https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure

AddressSanitizer failed to allocate 0x200003000 bytes of LargeMmapAllocator

Use CVE-2016-8686.

References:

http://seclists.org/oss-sec/2016/q4/150


https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/

SEGV on unknown address

0x7fd7ec5bcbf3 in findnext ... potrace-1.13/src/decompose.c:436:11
0x7fd7ec5bcbf3 in getenv ... potrace-1.13/src/decompose.c:478

Use CVE-2016-8685.

Comment 1 Andrej Nemec 2016-10-17 08:54:25 UTC
Created potrace tracking bugs for this issue:

Affects: fedora-all [bug 1385512]
Affects: epel-all [bug 1385513]

Comment 2 Martin Prpič 2017-03-27 15:07:27 UTC
Adding "heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698)":

http://seclists.org/oss-sec/2017/q1/682
https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/

Comment 3 Product Security DevOps Team 2019-06-08 03:00:17 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

