CVE-2013-7437
potrace - security update
EPSS 0.73%
Description
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
How to fix CVE-2013-7437
To remediate CVE-2013-7437, upgrade the affected package to a fixed version below.
- Debian/potrace—upgrade to 1.12-1 or later
- Debian/potrace—upgrade to 1.10-1+deb7u1 or later
Is CVE-2013-7437 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.12-1
- from 0, < 1.10-1+deb7u1