A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
Red Hat Security Advisory 2021-4519-02 - AutoTrace is a program for converting bitmaps to vector graphics. Issues addressed include double free and integer overflow vulnerabilities.