PT-2009-4417 · Xfig · Xfig
Nico Golde · Published 2009-06-06 · Updated 2024-06-15 · CVE-2009-1962
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Xfig version 3.2.5
Description:
The issue allows local users to read and write arbitrary files via a symlink attack on certain temporary files. These files include xfig-eps[PID], xfig-pic[PID].pix, xfig-pic[PID].err, xfig-pcx[PID].pix, xfig-xfigrc[PID], xfig[PID], xfig-print[PID], xfig-export[PID].err, xfig-batch[PID], xfig-exp[PID], and xfig-spell[PID], where [PID] is a process ID.
Recommendations:
As a temporary workaround, consider restricting access to these temporary files until a patch is available. Avoid using the vulnerable temporary files in Xfig version 3.2.5 to minimize the risk of exploitation.
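The symlink issue described above comes down to how a temporary file with a guessable name is opened. The following C sketch is an added example, not Xfig's source and not part of the advisory: the function names, the open flags used for the weak case and the scratch directory under /tmp are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Without O_EXCL a planted symlink is followed; with it open() fails EEXIST. */
#define FLAGS_WEAK (O_WRONLY | O_CREAT | O_TRUNC)
#define FLAGS_EXCL (O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW)

/* Open <dir>/xfig-export<PID>.err, one of the PID-based names on the page. */
int open_pid_tmp(const char *dir, int flags, char *path, size_t n) {
    snprintf(path, n, "%s/xfig-export%d.err", dir, (int)getpid());
    return open(path, flags, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name, created O_EXCL, 0600. */
int open_random_tmp(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/xfig-export.XXXXXX", dir);
    return mkstemp(path);
}

/* Constructed scenario: a symlink at the PID-based name points at "victim".
 * Bits: 1 weak open truncated victim, 2 O_EXCL refused, 4 mkstemp new file. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], path[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    snprintf(path, sizeof path, "%s/xfig-export%d.err", dir, (int)getpid());
    if (symlink(victim, path) != 0) return -1;
    fd = open_pid_tmp(dir, FLAGS_EXCL, path, sizeof path);
    if (fd < 0 && errno == EEXIST) result |= 2;
    fd = open_pid_tmp(dir, FLAGS_WEAK, path, sizeof path);
    if (fd >= 0 && stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    if (fd >= 0) close(fd);
    fd = open_random_tmp(dir, path, sizeof path);
    if (fd >= 0 && lstat(path, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
    if (fd >= 0) close(fd);
    return result;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

A result mask of 7 means all three behaviours were observed: the non-exclusive open wrote through the link, the exclusive open refused it, and mkstemp() created a fresh regular file.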
Fix
Link Following
Weakness Enumeration
Related identifiers
Affected products
Xfig