MidnightBSD

Advisories for xfig_project

CVE-2017-16899 MEDIUM

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
xfig_project xfig 3.2.6a
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2019-14275 MEDIUM

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
opensuse leap 15.2
debian debian_linux 8.0
xfig_project fig2dev 3.2.7
CVE-2019-19555 MEDIUM

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xfig_project xfig 3.2.7
CVE-2019-19797 MEDIUM

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 9.0
xfig_project fig2dev 3.2.7
fedoraproject fedora 30
CVE-2020-21529 MEDIUM

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
xfig_project fig2dev 3.2.7
CVE-2020-21530 MEDIUM

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
xfig_project fig2dev 3.2.7
CVE-2020-21531 MEDIUM

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
xfig_project fig2dev 3.2.7
CVE-2020-21532 MEDIUM

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
xfig_project fig2dev 3.2.7
CVE-2020-21533 MEDIUM

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
xfig_project fig2dev 3.2.7
CVE-2020-21534 MEDIUM

fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
xfig_project fig2dev 3.2.7
CVE-2020-21535 MEDIUM

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
xfig_project fig2dev 3.2.7
CVE-2021-32280 MEDIUM

An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
xfig_project fig2dev *
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2021-40241

xfig 3.2.7 is vulnerable to Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
xfig_project xfig 3.2.7
CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.

Products Affected

Vendor Product Version
xfig_project xfig 3.2.8