PT-2017-14628 · Xfig+2 · Xfig+2

Joonun Jang

Publicado

2017-11-20

Atualizado

2024-06-15

CVE-2017-16899

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xfig version 3.2.6a

Description The issue is related to an array index error in the fig2dev program, which can be exploited by remote attackers using a maliciously crafted Fig format file. This can lead to a denial-of-service attack or information disclosure. The error is specifically related to a negative font value in dev/gentikz.c, and the read textobject functions in read.c and read1 3.c.

Recommendations For Xfig version 3.2.6a, consider restricting the use of the fig2dev program until a patch is available, and avoid processing untrusted Fig format files to minimize the risk of exploitation.

Correção

DoS

Improper Validation of Array Index

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129

Identificadores relacionados

ALT-PU-2018-2050

CVE-2017-16899

MGASA-2017-0469

OPENSUSE-SU-2024:11472-1

SUSE-SU-2018:0231-1

SUSE-SU-2018:0232-1

SUSE-SU-2018_0231-1

SUSE-SU-2018_0232-1

Produtos afetados

Alt Linux

Suse

Xfig

PT-2017-14628 · Xfig+2 · Xfig+2

CVE-2017-16899

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26