Lucene search
Gentoo FoundationGLSA-201412-14HistoryDec 13, 2014 - 12:00 a.m.
Xfig: User-assisted execution of arbitrary code
2014-12-1300:00:00
Gentoo Foundation
security.gentoo.org
10
0.171 Low
EPSS
Percentile
96.1%
Background
Xfig is an interactive drawing tool.
Description
A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig.
Impact
A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Xfig users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5c"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-gfx/xfig | < 3.2.5c | UNKNOWN |
Related
fedora
fedora
[SECURITY] Fedora 17 Update: xfig-3.2.5-32.b.fc17
2012-08-22 21:02:10
[SECURITY] Fedora 16 Update: transfig-3.2.5d-4.fc16
2012-08-27 03:29:11
[SECURITY] Fedora 17 Update: transfig-3.2.5d-7.fc17
2012-08-27 03:26:00
nessus
nessus
Fedora 17 : transfig-3.2.5d-7.fc17 (2012-11718)
2012-08-27 00:00:00
Fedora 16 : xfig-3.2.5-32.b.fc16 (2012-11813)
2012-08-23 00:00:00
GLSA-201412-14 : Xfig: User-assisted execution of arbitrary code
2014-12-15 00:00:00
openvas
openvas
Fedora Update for xfig FEDORA-2012-11813
2012-08-24 00:00:00
Fedora Update for transfig FEDORA-2012-11718
2012-08-30 00:00:00
Fedora Update for xfig FEDORA-2012-11813
2012-08-24 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:010 ] xfig
2011-01-19 00:00:00
Xfig multiple security vulnerabilities
2011-01-19 00:00:00
debiancve
debiancve
CVE-2009-4228
2009-12-08 18:30:00
CVE-2009-4227
2009-12-08 18:30:00
ubuntucve
ubuntucve
CVE-2009-4228
2009-12-08 00:00:00
CVE-2009-4227
2009-12-08 00:00:00
cve
cve
CVE-2009-4228
2009-12-08 18:30:00
CVE-2009-4227
2009-12-08 18:30:00
prion
prion
Format string
2009-12-08 18:30:00
Stack overflow
2009-12-08 18:30:00