4 matches found
CVE-2019-19555
CVE-2019-19555 : In Xfig fig2dev 3.2.7b, read_textobject in read.c suffers a stack-based buffer overflow caused by an incorrect sscanf. Public sources (Ubuntu, SUSE, Red Hat advisories) reference this CVE among multiple Fig2dev issues; exploitation details are not provided in the documents. Some ...
CVE-2021-40241
CVE-2021-40241 affects xfig 3.2.7, with a potential buffer overflow in src/w_help.c at line 55 due to getenv("LANG"). Debain/Mageia advisories document the vulnerability and provide a fixed package version: Debian 10 uses xfig 1:3.2.7a-3+deb10u1; Mageia/OSV entries reference a security update. Th...
CVE-2023-45920
Xfig v3.2.8 contains a NULL pointer dereference in XGetWMHints(), CVE-2023-45920. Multiple connected advisories confirm the issue and note that its remediation has been released: Mageia (MGASA-2024-0125), SUSE (SUSE-SU-2024:1196-1), and OSV entries indicate fixes. Descriptions consistently state ...
CVE-2017-16899
CVE-2017-16899 affects the Xfig figure conversion tool (fig2dev) in the fig2dev program, with an array index error related to a negative font value in dev/gentikz.c and in the read_textobject routines (read.c and read1_3.c). The vulnerability can allow remote attackers to cause a denial-of-servic...