{"id":"UBUNTU-CVE-2017-9159","details":"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15.","modified":"2026-04-22T11:36:18.580072Z","published":"2017-05-23T04:29:00Z","upstream":["CVE-2017-9159"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9159"},{"type":"REPORT","url":"https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-9159"}],"affected":[{"package":{"name":"autotrace","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/autotrace@0.31.1-16+deb7u1ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.31.1-16build2","0.31.1-16+deb7u1build0.14.04.1","0.31.1-16+deb7u1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.31.1-16+deb7u1ubuntu0.1","binary_name":"autotrace"},{"binary_version":"0.31.1-16+deb7u1ubuntu0.1","binary_name":"libautotrace3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9159.json"}},{"package":{"name":"autotrace","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/autotrace@0.31.1-16+nmu1.2ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.31.1-16+nmu1build1","0.31.1-16+nmu1.1","0.31.1-16+nmu1.2","0.31.1-16+nmu1.2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.31.1-16+nmu1.2ubuntu0.1","binary_name":"autotrace"},{"binary_version":"0.31.1-16+nmu1.2ubuntu0.1","binary_name":"libautotrace3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9159.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}