PT-2019-15944 · Xfig+1 · Xfig Fig2Dev+1

Suhwan Song

Publicado

2019-12-12

Atualizado

2024-06-15

CVE-2019-19746

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xfig fig2dev version 3.2.7b

Description The issue is related to an integer overflow in the make arrow function in arrow.c, which can cause a segmentation fault and out-of-bounds write when a large arrow type is used.

Recommendations For Xfig fig2dev version 3.2.7b, consider applying a patch or fix to address the integer overflow issue in the make arrow function to prevent potential crashes and out-of-bounds writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-190

Identificadores relacionados

CVE-2019-19746

MGASA-2020-0116

OPENSUSE-SU-2021:1143-1

OPENSUSE-SU-2021:1311-1

OPENSUSE-SU-2021:1318-1

OPENSUSE-SU-2021:2454-1

OPENSUSE-SU-2021_1143-1

OPENSUSE-SU-2021_2454-1

OPENSUSE-SU-2024:11472-1

SUSE-SU-2021:14823-1

SUSE-SU-2021:2454-1

SUSE-SU-2021:3124-1

SUSE-SU-2021_14823-1

Produtos afetados

Suse

Xfig Fig2Dev

PT-2019-15944 · Xfig+1 · Xfig Fig2Dev+1

CVE-2019-19746

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 51