Fig2Dev · Fig2Dev · CVE-2021-37530
**Name of the Vulnerable Software and Affected Versions**
fig2dev versions 3.28a and earlier
**Description**
The vulnerability is a denial of service caused by a segfault in the `open_stream` function. It can be caused by a buffer overflow in memory, potentially allowing an attacker to cause a service disruption. The `open_stream` function in `readpics.c` is specifically identified as the vulnerable component.
**Recommendations**
For fig2dev versions 3.28a and earlier, consider disabling the `open_stream` function as a temporary workaround until a patch is available. Restrict access to the `readpics.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.