Search CVE reports
1 – 7 of 7 results
CVE-2023-45920
Medium priority
** DISPUTED ** Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary...
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-40241
Medium priority
xfig 3.2.7 is vulnerable to Buffer Overflow.
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-32280
Medium priority
Some fixes available 2 of 4
An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
3 affected packages
fig2dev, transfig, xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fig2dev | Not affected | Not affected | Fixed | Fixed | Ignored |
transfig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
xfig | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2010-4262
Medium priority
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | — | — | — | Not affected | Not affected |
CVE-2009-4228
Low priority
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly...
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | — | Not affected | Not affected | Not affected | Not affected |
CVE-2009-4227
Medium priority
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to...
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | — | — | Not affected | Not affected | Not affected |
CVE-2009-1962
Low priority
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID],...
1 affected package
xfig
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xfig | — | Not affected | Not affected | Not affected | Not affected |