CVE-2019-19004

LOW

autotrace 0.31.1 - Buffer Overflow

Title source: llm

Description

A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

References (4)

Core 4

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/autotrace/autotrace/commits/master

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_confirm

https://github.com/autotrace/autotrace/pull/40

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/

Scores

CVSS v3 3.3

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

CWE

CWE-190

Status published

Products (2)

autotrace_project/autotrace 0.31.1

fedoraproject/fedora 34

Published Feb 11, 2021

Tracked Since Feb 18, 2026