Lucene search
+L

398 matches found

Vulnrichment
Vulnrichment
added 2024/03/27 12:0 a.m.9 views

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

7.3AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2024/03/27 12:0 a.m.66 views

CVE-2023-45920

Xfig v3.2.8 contains a NULL pointer dereference in XGetWMHints(), CVE-2023-45920. Multiple connected advisories confirm the issue and note that its remediation has been released: Mageia (MGASA-2024-0125), SUSE (SUSE-SU-2024:1196-1), and OSV entries indicate fixes. Descriptions consistently state ...

4.2CVSS7.1AI score0.00235EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-13302 · Xfig +2 · Xfig +2

Name of the Vulnerable Software and Affected Versions: Xfig version 3.2.8 Description: A NULL pointer dereference issue was discovered when calling the XGetWMHints function. This issue is disputed as it is not expected for an X application to continue running with arbitrary anomalous behavior fro...

4.2CVSS6.6AI score0.00235EPSS
Exploits0References27
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2023-0101)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.00976EPSS
Exploits1References4
Mageia
Mageia
added 2023/03/18 10:16 p.m.29 views

Updated xfig packages fix security vulnerability

A potential buffer overflow exists in the file src/whelp.c at line 55. Specifically, the length of the string returned by getenv"LANG" may become very long and cause a buffer overflow while executing the sprintf function. This vulnerability could potentially allow an attacker to execute arbitrary...

9.8CVSS4.9AI score0.00976EPSS
Exploits1References2
OSV
OSV
added 2023/03/18 10:16 p.m.9 views

MGASA-2023-0101 Updated xfig packages fix security vulnerability

A potential buffer overflow exists in the file src/whelp.c at line 55. Specifically, the length of the string returned by getenv"LANG" may become very long and cause a buffer overflow while executing the sprintf function. This vulnerability could potentially allow an attacker to execute arbitrary...

9.8CVSS9.7AI score0.00976EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.9 views

Debian: Security Advisory (DLA-3353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.00976EPSS
Exploits1References4
Debian
Debian
added 2023/03/05 4:0 p.m.41 views

[SECURITY] [DLA 3353-1] xfig security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3353-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky March 05, 2023 https://wiki.debian.org/LTS -...

9.8CVSS9.8AI score0.00976EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/05 12:0 a.m.30 views

Debian dla-3353 : xfig - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3353 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3353-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS8.6AI score0.00976EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.6 views

SUSE CVE-2006-1550

Multiple buffer overflows in the xfig import code xfig-import.c in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid 1 color index, 2 number of points, or 3 depth...

7.6CVSS7.5AI score0.02412EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.3 views

SUSE CVE-2009-1962

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the 1 xfig-epsPID, 2 xfig-picPID.pix, 3 xfig-picPID.err, 4 xfig-pcxPID.pix, 5 xfig-xfigrcPID, 6 xfigPID, 7 xfig-printPID, 8 xfig-exportPID.err, 9 xfig-batchPID, 10 xfig-expPID, or 11 xfig-spell.PID...

4.4CVSS6.8AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-4228

Stack consumption vulnerability in ubound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service application crash via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfpfig function in fread.c...

4.3CVSS6.8AI score0.01693EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

6.8CVSS8.4AI score0.10603EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.2 views

SUSE CVE-2010-4262

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...

6.8CVSS7.8AI score0.0582EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the readtextobject functions in read.c and read13.c...

6.5CVSS6.5AI score0.0135EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14275

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c...

4.4CVSS7.5AI score0.01241EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.3 views

SUSE CVE-2019-19555

readtextobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf...

4.3CVSS7.5AI score0.01069EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.3 views

SUSE CVE-2019-19797

readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write...

5.4CVSS7AI score0.01221EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.5 views

SUSE CVE-2020-21675

A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...

5.5CVSS7.2AI score0.01059EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.3 views

SUSE CVE-2020-21681

A global buffer overflow in the setcolor component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ge format...

7.5CVSS7.2AI score0.00826EPSS
Exploits1References10
Rows per page
Query Builder