Bug 1005009 (CVE-2016-8694)

Summary: VUL-0: CVE-2016-8694,CVE-2016-8695,CVE-2016-8696,CVE-2016-8697,CVE-2016-8698,CVE-2016-8699,CVE-2016-8700,CVE-2016-8701,CVE-2016-8702,CVE-2016-8703: potrace: Multiple crashes
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Stanislav Brabec <sbrabec>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: openSUSE 42.1
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Johannes Segitz 2016-10-17 07:52:19 UTC
From: Agostino Sarubbo

> https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/

> AddressSanitizer: SEGV on unknown address
> 0x4f027b in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8694.

> AddressSanitizer: SEGV on unknown address
> 0x4f0957 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8695.

> AddressSanitizer: SEGV on unknown address
> 0x4f10b7 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8696.

> https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/

> AddressSanitizer: FPE on unknown address
> 0x508d51 in bm_new /tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap.h:63:24

Use CVE-2016-8697.

> https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f3709 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:717:4

Use CVE-2016-8698.

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f3728 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:651:11

Use CVE-2016-8699.

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f37a8 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:652:11

Use CVE-2016-8700.

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f3829 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:690:4

Use CVE-2016-8701.

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f38d4 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:744:4

Use CVE-2016-8702.

> AddressSanitizer: heap-buffer-overflow ... READ of size 4
> 0x4f3947 in bm_readbody_bmp /var/tmp/portage/media-gfx/potrace-1.12/work/potrace-1.12/src/bitmap_io.c:601:2

Use CVE-2016-8703.

Comment 1 Swamp Workflow Management 2016-10-17 22:01:12 UTC
bugbot adjusting priority

Comment 2 Stanislav Brabec 2017-03-02 18:23:51 UTC
These CVEs were assigned ex post, about one year after releasing a fix in potrace-1.13. We already handled this vulnerability in the past.

*** This bug has been marked as a duplicate of bug 951760 ***