Lucene search

[email protected]CVE-2009-4227

HistoryDec 08, 2009 - 6:30 p.m.

CVE-2009-4227

2009-12-0818:30:00

CWE-119

[email protected]

web.nvd.nist.gov

xfig

transfig

stack-based buffer overflow

read_1_3_textobject

f_readold.c

read_textobject

read1_3.c

cve-2009-4227

nvd

information security

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.171 Low

EPSS

Percentile

96.1%

JSON

Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
xfig:xfigxfigeq3.2.5
xfig:xfigxfigle3.2.5b

CPE	Name	Operator	Version
xfig:xfig	xfig	eq	3.2.5
xfig:xfig	xfig	le	3.2.5b

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274

secunia.com/advisories/37571

secunia.com/advisories/37577

www.mandriva.com/security/advisories?name=MDVSA-2011:010

www.openwall.com/lists/oss-security/2009/12/03/2

www.securityfocus.com/bid/37193

www.vupen.com/english/advisories/2011/0108

bugzilla.redhat.com/show_bug.cgi?id=543905

exchange.xforce.ibmcloud.com/vulnerabilities/54525

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.171 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2009-4227

debiancve1 prion1 ubuntucve1 fedora4 nessus6 openvas11 gentoo1 securityvulns2