5 matches found
CVE-2010-4262
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...
Stack overflow
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...
CVE-2010-4262
CVE-2010-4262 describes a stack-based buffer overflow in Xfig 3.2.4/3.2.5 triggered by a crafted FIG image color definition, leading to remote denial of service and potential arbitrary code execution. Several open advisories reference this vulnerability along with CVEs-2009-4227/-4228, indicating...
Fedora 14 : xfig-3.2.5-25.b.fc14 (2010-18589)
Mon Dec 6 2010 Stanislav Ochotnicky - 3.2.5-25.b - Fix buffer overflow when opening malicious fig files - Thu Nov 25 2010 Hans de Goede 3.2.5-24.b - Fix importing of eps files 657290 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Code injection
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the 1 xfig-epsPID, 2 xfig-picPID.pix, 3 xfig-picPID.err, 4 xfig-pcxPID.pix, 5 xfig-xfigrcPID, 6 xfigPID, 7 xfig-printPID, 8 xfig-exportPID.err, 9 xfig-batchPID, 10 xfig-expPID, or 11 xfig-spell.PID...