{"id":"UBUNTU-CVE-2013-1953","details":"Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.","modified":"2026-04-22T09:21:44.673737Z","published":"2013-12-09T16:36:00Z","upstream":["CVE-2013-1953"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1953"},{"type":"REPORT","url":"https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7"},{"type":"REPORT","url":"https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2013/04/16/1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-1953"}],"affected":[{"package":{"name":"autotrace","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/autotrace@0.31.1-16+deb7u1ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.31.1-16+deb7u1ubuntu0.1"}]}],"versions":["0.31.1-16build2","0.31.1-16+deb7u1build0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.31.1-16+deb7u1ubuntu0.1","binary_name":"autotrace"},{"binary_version":"0.31.1-16+deb7u1ubuntu0.1","binary_name":"libautotrace3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1953.json"}},{"package":{"name":"sam2p","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/sam2p@0.49.2-3+deb8u3build0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.49.1-1","0.49.2-2","0.49.2-3+deb8u3build0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.49.2-3+deb8u3build0.14.04.1","binary_name":"sam2p"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1953.json"}},{"package":{"name":"sam2p","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/sam2p@0.49.2-3+deb8u3build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.49.2-3","0.49.2-3+deb8u3build0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.49.2-3+deb8u3build0.16.04.1","binary_name":"sam2p"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1953.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}