Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-19746

Published: 12 December 2019

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

Notes

AuthorNote
mdeslaur
can't reproduce on xenial

Priority

Medium

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
transfig
Launchpad, Ubuntu, Debian
impish Does not exist

groovy Does not exist

hirsute Does not exist

lunar Does not exist

bionic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(could not reproduce)
fig2dev
Launchpad, Ubuntu, Debian
impish Not vulnerable
(1:3.2.7b-3ubuntu1)
groovy Not vulnerable
(1:3.2.7b-3ubuntu1)
hirsute Not vulnerable
(1:3.2.7b-3ubuntu1)
jammy Not vulnerable
(1:3.2.7b-3ubuntu1)
lunar Not vulnerable
(1:3.2.7b-3ubuntu1)
bionic Needs triage

disco Ignored
(end of life)
eoan Ignored
(end of life)
focal Needed

kinetic Not vulnerable
(1:3.2.7b-3ubuntu1)
trusty Does not exist

upstream
Released (1:3.2.7b-3)
xenial Does not exist

Patches:
upstream: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H