Vulnerability Name:

CVE-2013-7437 (CCN-102938)

Assigned:2013-04-23
Published:2013-04-23
Updated:2016-12-07
Summary:Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2013-7437

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1909

Source: CCN
Type: Potrace Web site
Transforming bitmaps into vector graphics

Source: MLIST
Type: UNKNOWN
[oss-security] 20150206 potrace: possible heap overflow

Source: MISC
Type: UNKNOWN
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646

Source: CCN
Type: Red Hat Bugzilla - Bug 955808
potrace: possible heap overflow

Source: MISC
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=955808

Source: XF
Type: UNKNOWN
potrace-cve20137437-dos(102938)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7437

Vulnerable Configuration:Configuration 1:
  • cpe:/a:icoasoft:potrace:1.11:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:icoasoft:potrace:1.11:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:795
    P
    		Security update for slurm_20_02 (Important)
    2022-10-03
    oval:org.opensuse.security:def:20137437
    V
    		CVE-2013-7437
    2022-09-02
    oval:org.opensuse.security:def:684
    P
    		Security update for java-11-openjdk (Important)
    2022-08-09
    oval:org.opensuse.security:def:3579
    P
    		libblkid1-2.33.2-2.13 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95209
    P
    		libpotrace0-1.16-150400.1.5 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:1376
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)
    2022-06-06
    oval:org.opensuse.security:def:1719
    P
    		Security update for php7 (Low)
    2022-05-20
    oval:org.opensuse.security:def:112781
    P
    		libpotrace0-1.13-1.5 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106252
    P
    		Security update for tomcat (Important)
    2021-11-16
    oval:org.opensuse.security:def:1487
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:1131
    P
    		Security update for go1.16 (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:64582
    P
    		Security update for postgresql12 (Moderate)
    2021-09-29
    oval:org.opensuse.security:def:71282
    P
    		libncurses6-32bit-6.1-5.3.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:71169
    P
    		dhcp-4.3.5-4.15 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:47534
    P
    		xlockmore-5.43-5.30 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47316
    P
    		libXi6-1.7.4-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48315
    P
    		supportutils-3.0.3-95.27.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47758
    P
    		libospf0-1.1.1-17.7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47331
    P
    		libarchive13-3.1.2-25.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48120
    P
    		libgssglue1-0.4-3.76 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47645
    P
    		ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47206
    P
    		apache2-mod_nss-1.0.14-18.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48266
    P
    		perl-HTML-Parser-3.71-1.145 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47869
    P
    		python-pywbem-0.7.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47341
    P
    		libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48231
    P
    		libykcs11-1-1.5.0-3.16 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47666
    P
    		libMagickCore-6_Q16-1-6.8.8.1-71.85.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47317
    P
    		libXinerama1-1.1.3-3.54 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47906
    P
    		tpm2.0-tools-3.1.1-1.16 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47452
    P
    		openssh-7.2p2-69.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47205
    P
    		apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48204
    P
    		libtasn1-4.9-3.10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47777
    P
    		libraptor2-0-2.0.10-3.63 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47220
    P
    		cifs-utils-6.5-8.9 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48331
    P
    		unrar-5.0.14-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48017
    P
    		ghostscript-9.27-23.28.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:1020
    P
    		krb5-1.16.3-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100788
    P
    		autoyast2-4.3.77-1.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72527
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1248
    P
    		tboot-20170711_1.9.8-15.9.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62808
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101214
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:48433
    P
    		gnutls-3.2.15-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48442
    P
    		gzip-1.6-7.209 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48544
    P
    		libqt4-4.8.6-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48362
    P
    		accountsservice-0.6.42-14.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48377
    P
    		bash-4.3-78.39 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48473
    P
    		libXt6-1.1.4-3.57 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:1604
    P
    		Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:64495
    P
    		Security update for the Linux Kernel (Important)
    2021-05-12
    oval:org.opensuse.security:def:66755
    P
    		Security update for giflib (Low)
    2021-04-28
    oval:org.opensuse.security:def:70006
    P
    		Security update for glib2 (Important)
    2021-03-19
    oval:org.opensuse.security:def:49461
    P
    		Security update for nodejs12 (Important)
    2021-02-26
    oval:org.opensuse.security:def:73446
    P
    		Security update for sudo (Important)
    2021-01-26
    oval:org.opensuse.security:def:89926
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72295
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:103581
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62576
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:94075
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72412
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107454
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62693
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:117012
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72184
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62465
    P
    		libpotrace0-1.15-3.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49407
    P
    		gnome-keyring on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49689
    P
    		libpotrace0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66663
    P
    		zoo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:70111
    P
    		libpotrace0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49518
    P
    		gnome-online-accounts-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67829
    P
    		unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49635
    P
    		gstreamer-plugins-bad on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49572
    P
    		libpotrace0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73328
    P
    		tar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67929
    P
    		libpotrace0 on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.cosmic:def:201374370000000
    V
    		CVE-2013-7437 on Ubuntu 18.10 (cosmic) - low.
    2015-03-29
    oval:com.ubuntu.artful:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 17.10 (artful) - low.
    2015-03-29
    oval:com.ubuntu.trusty:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 14.04 LTS (trusty) - low.
    2015-03-29
    oval:com.ubuntu.bionic:def:201374370000000
    V
    		CVE-2013-7437 on Ubuntu 18.04 LTS (bionic) - low.
    2015-03-29
    oval:com.ubuntu.bionic:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 18.04 LTS (bionic) - low.
    2015-03-29
    oval:com.ubuntu.xenial:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 16.04 LTS (xenial) - low.
    2015-03-29
    oval:com.ubuntu.xenial:def:201374370000000
    V
    		CVE-2013-7437 on Ubuntu 16.04 LTS (xenial) - low.
    2015-03-29
    oval:com.ubuntu.cosmic:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 18.10 (cosmic) - low.
    2015-03-29
    oval:com.ubuntu.disco:def:201374370000000
    V
    		CVE-2013-7437 on Ubuntu 19.04 (disco) - low.
    2015-03-29
    oval:com.ubuntu.precise:def:20137437000
    V
    		CVE-2013-7437 on Ubuntu 12.04 LTS (precise) - low.
    2015-03-29
    BACK
    icoasoft potrace 1.11
    icoasoft potrace 1.11