
19 matches found

CNNVD
added 2025/03/28 12:0 a.m. | 4 views

fig2dev security vulnerability

fig2dev is a simple tool from the open-source Xfig project. It is used to translate fig code from a named fig file into a specified graphics language. A security vulnerability exists in fig2dev version 3.2.9a, which stems from a segmentation error in the putpatternarc function that could lead to a denial...

CVSS 6.6 | AI score 7.4 | EPSS 0.00178
Exploits: 1 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 24 views

RHEL 7 : transfig (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

CVSS 7.8 | AI score 7.9 | EPSS 0.01381
Exploits: 4 | References: 6

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 8 : transfig (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - Xfig fig2dev 3.2.7a h...

CVSS 7.8 | AI score 7.2 | EPSS 0.01381
Exploits: 7 | References: 8

BDU FSTEC
added 2023/09/16 12:0 a.m. | 5 views

The vulnerability of the open_stream function in the file conversion utility for files with the .fig and .fig2dev extensions allows a malicious actor to cause a service failure by writing beyond the buffer boundaries in memory.

The vulnerability of the openstream function in the file conversion utility for files with the .fig and .fig2dev extensions is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6 | EPSS 0.00748
Exploits: 1 | References: 3 | Affected Software: 2

SUSE CVE
added 2023/02/15 6:1 a.m. | 2 views

SUSE CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

CVSS 6.8 | AI score 8.4 | EPSS 0.10603
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 6:1 a.m. | 2 views

SUSE CVE-2009-4228

Stack consumption vulnerability in ubound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfpfig function in fread.c...

CVSS 4.3 | AI score 6.8 | EPSS 0.01693
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:24 a.m. | 3 views

SUSE CVE-2018-16140

A buffer underwrite vulnerability in getline read.c in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file...

CVSS 3.3 | AI score 7 | EPSS 0.01381
Exploits: 0 | References: 7

BDU FSTEC
added 2022/04/05 12:0 a.m. | 8 views

The vulnerability of the genptk_text component of the .fig Fig2dev file conversion utility allows an attacker to cause a service failure.

The vulnerability of the genptktext component of the .fig Fig2dev file conversion utility is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to cause a service failure by converting the .fig file into a .ptk format...

CVSS 7.8 | AI score 6.1 | EPSS 0.01059
Exploits: 1 | References: 5 | Affected Software: 2

BDU FSTEC
added 2020/04/29 12:0 a.m. | 5 views

The vulnerability of the get_line() function in the .fig conversion utility for fig2dev allows a hacker to cause a service failure.

The vulnerability of the getline function in the .fig conversion utility for the fig2dev extension is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to trigger a service failure using a specially created .fig fi...

CVSS 7.8 | AI score 6.8 | EPSS 0.01381
Exploits: 0 | References: 7 | Affected Software: 4

RedhatCVE
added 2018/09/12 3:19 a.m. | 25 views

CVE-2018-16140

The fig2dev utility, as shipped with the transfig package, is vulnerable to a one-byte buffer underwrite in the getline function when processing a specially crafted FIG file, having only minimal security impact in most situations...

CVSS 7.8 | AI score 3.9 | EPSS 0.01381
Exploits: 0 | References: 2

OSV
added 2018/08/30 1:29 a.m. | 2 views

DEBIAN-CVE-2018-16140

A buffer underwrite vulnerability in getline read.c in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file...

CVSS 7.8 | AI score 7 | EPSS 0.01381
Exploits: 0 | References: 1

CNVD
added 2018/08/30 12:0 a.m. | 26 views

fig2dev buffer overflow vulnerability

fig2dev is used to convert .fig files to various graphics languages and formats. A buffer underflow vulnerability exists in getline in read.c in fig2dev 3.2.7a. An attacker could exploit this vulnerability by writing before the buffer starts via a specially crafted .fig file...

CVSS 6.8 | AI score 3.7 | EPSS 0.01381
Exploits: 0

OSV
added 2018/08/29 12:0 a.m. | 4 views

UBUNTU-CVE-2018-16140

A buffer underwrite vulnerability in getline read.c in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file...

CVSS 7.8 | AI score 6.8 | EPSS 0.01381
Exploits: 0 | References: 4

OSV
added 2017/11/20 6:29 p.m. | 2 views

DEBIAN-CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the readtextobject functions in read.c and read13.c...

CVSS 7.1 | AI score 6.5 | EPSS 0.0135
Exploits: 0 | References: 1

NVD
added 2009/12/08 6:30 p.m. | 23 views

CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

CVSS 6.8 | AI score 7.8 | EPSS 0.10603
Exploits: 1 | References: 9

OSV
added 2009/12/08 6:30 p.m. | 0 views

UBUNTU-CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

CVSS 6.8 | AI score 6.5 | EPSS 0.10603
Exploits: 1 | References: 2

UbuntuCve
added 2009/12/08 6:30 p.m. | 19 views

CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

CVSS 6.8 | AI score 6.4 | EPSS 0.10603
Exploits: 1 | References: 1

UbuntuCve
added 2009/12/08 6:30 p.m. | 22 views

CVE-2009-4228

Stack consumption vulnerability in ubound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfpfig function in fread.c...

CVSS 4.3 | AI score 5.9 | EPSS 0.01693
Exploits: 0 | References: 1

Cvelist
added 2009/12/08 6:0 p.m. | 26 views

CVE-2009-4227

Stack-based buffer overflow in the read13textobject function in freadold.c in Xfig 3.2.5b and earlier, and in the readtextobject function in read13.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses t...

AI score 7.7 | EPSS 0.10603
Exploits: 1 | References: 9