PT-2017-3935 · Unspecified+2 · Fig2Dev+2

Ace Team · Published 2017-11-17 · Updated 2024-06-15 · CVE-2018-16140

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

fig2dev version 3.2.7a

Description

A buffer underwrite issue in the get_line() function allows an attacker to write prior to the beginning of the buffer via a crafted .fig file, potentially leading to a denial of service. The vulnerability is related to a buffer operation exceeding its boundaries in memory.

Recommendations

For fig2dev version 3.2.7a, consider avoiding the use of the get_line() function until a patch is available. As a temporary workaround, restrict the processing of .fig files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2020-01867
CVE-2018-16140
DLA-2073-1
MGASA-2019-0064
OPENSUSE-SU-2019:1455-1
OPENSUSE-SU-2019_1455-1
OPENSUSE-SU-2024:11472-1
SUSE-SU-2019:1291-1
SUSE-SU-2020:1806-1
SUSE-SU-2020_1806-1
USN-3760-1

Affected Products

Suse
Ubuntu
Fig2Dev