PT-2019-5480 · Xfig+3 · Xfig Fig2Dev+3

Frederic Cambus

Publicado

2019-07-26

Atualizado

2024-06-15

CVE-2019-14275

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xfig fig2dev version 3.2.7a

Description The issue is related to a buffer overflow in the calc arrow function, which can be exploited by an attacker using a specially crafted .fig file, potentially leading to a denial of service.

Recommendations For Xfig fig2dev version 3.2.7a, consider disabling the calc arrow function in the bound.c file as a temporary workaround until a patch is available.

Exploit

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

BDU:2020-03221

CVE-2019-14275

DLA-2073-1

MGASA-2020-0116

OPENSUSE-SU-2020:1702-1

OPENSUSE-SU-2020:1843-1

OPENSUSE-SU-2020_1702-1

OPENSUSE-SU-2020_1843-1

OPENSUSE-SU-2021:1143-1

OPENSUSE-SU-2021:1311-1

OPENSUSE-SU-2021:1318-1

OPENSUSE-SU-2021:2454-1

OPENSUSE-SU-2021_1143-1

OPENSUSE-SU-2021_2454-1

OPENSUSE-SU-2024:11472-1

SUSE-SU-2020:1806-1

SUSE-SU-2020:2951-1

SUSE-SU-2021:14823-1

SUSE-SU-2021:2454-1

SUSE-SU-2021_14823-1

USN-5864-1

Produtos afetados

Linuxmint

Suse

Ubuntu

Xfig Fig2Dev

PT-2019-5480 · Xfig+3 · Xfig Fig2Dev+3

CVE-2019-14275

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 78