PatchSiren

Potrace Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8703

CVE-2016-8703 is a heap-based buffer overflow in Potrace’s BMP parser (bm_readbody_bmp in bitmap_io.c). A crafted BMP image can trigger the flaw in versions before 1.13, potentially impacting confidentiality, integrity, and availability.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8702

CVE-2016-8702 is a heap-based buffer overflow in Potrace’s BMP parser, bm_readbody_bmp() in bitmap_io.c. The issue affects Potrace versions before 1.13, with the vulnerable version range in NVD ending at 1.12. A crafted BMP image can trigger the flaw, and NVD rates the issue HIGH with potential impact to confidentiality, integrity, and availability.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8701

CVE-2016-8701 is a memory-corruption flaw in Potrace's BMP parser. A crafted BMP image can trigger a heap-based buffer overflow in bm_readbody_bmp within bitmap_io.c. NVD rates the issue HIGH and maps affected versions through 1.12, with the fix associated with the 1.13 release line.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8700

CVE-2016-8700 is a high-severity memory corruption issue in potrace’s BMP parsing path. The vulnerability is a heap-based buffer overflow in bm_readbody_bmp within bitmap_io.c, affecting potrace versions before 1.13. The CVE description says a crafted BMP image can trigger the flaw; NVD also classifies the issue as CWE-119 and assigns a CVSS 3.0 score of 7.8 (HIGH).

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8699

CVE-2016-8699 is a heap-based buffer overflow in Potrace's BMP parsing path, specifically bm_readbody_bmp in bitmap_io.c. The issue affects Potrace versions before 1.13, and the CVE description says a crafted BMP image can trigger the flaw and impact the target. The NVD record classifies it as CWE-119 and rates it 7.8 HIGH.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8698

CVE-2016-8698 describes a heap-based buffer overflow in Potrace’s bm_readbody_bmp function in bitmap_io.c. The issue affects Potrace versions through 1.12 and is triggered by a crafted BMP image. NVD rates the issue HIGH with a CVSS 3.0 score of 7.8. The record also notes this is a distinct vulnerability from CVE-2016-8699 through CVE-2016-8703.

MEDIUM Potrace Project CVE published 2017-01-31

CVE-2016-8697

CVE-2016-8697 is a denial-of-service issue in Potrace before 1.13. A crafted BMP image can trigger a divide-by-zero in the bm_new function in bitmap.h, causing the process to crash. NVD classifies the issue as medium severity and maps it to CWE-369.

MEDIUM Potrace Project CVE published 2017-01-31

CVE-2016-8696

CVE-2016-8696 is a denial-of-service issue in potrace’s BMP parsing path. A crafted BMP image can trigger a NULL pointer dereference in bm_readbody_bmp, causing the application to crash. NVD lists the issue as affecting potrace versions through 1.12, and the CVE description places the fix boundary at before 1.13. This is a stability and availability problem rather than a confidentiality or integrity issue.

MEDIUM Potrace Project CVE published 2017-01-31

CVE-2016-8695

CVE-2016-8695 is a denial-of-service issue in Potrace’s BMP parsing path. A crafted BMP image can trigger a NULL pointer dereference in bm_readbody_bmp in bitmap_io.c, which can crash the process. NVD records this as affecting Potrace versions through 1.12, with a fix in 1.13.

MEDIUM Potrace Project CVE published 2017-01-31

CVE-2016-8694

CVE-2016-8694 describes a denial-of-service flaw in Potrace’s BMP parser. A crafted BMP image can trigger a NULL pointer dereference in bm_readbody_bmp in bitmap_io.c, crashing the process. The NVD record ties the affected range to Potrace 1.12 and earlier, with the fix implied by the 1.13 boundary.

HIGH Potrace Project CVE published 2017-01-31

CVE-2016-8686

CVE-2016-8686 is a high-severity flaw in potrace's bm_new path that can be triggered by a crafted image and lead to memory allocation failure. The source corpus describes unspecified impact, while NVD assigns a CVSS 3.0 score of 7.8 with high confidentiality, integrity, and availability impact ratings. Treat this as a risk for workflows that process attacker-controlled images with vulnerable potrace build [truncated]

MEDIUM Potrace Project CVE published 2017-01-31

CVE-2016-8685

CVE-2016-8685 describes a denial-of-service issue in Potrace’s BMP processing path. According to the NVD record, the flaw can trigger invalid memory access and a crash in the findnext function in decompose.c when handling a crafted BMP image. The NVD entry assigns a medium severity score (CVSS 5.5) and maps the weakness to CWE-119. The corpus also contains third-party advisory references and a version ran [truncated]