PT-2017-3935 · Unspecified+2 · Fig2Dev+2

Ace Team

·

Published

2017-11-17

·

Updated

2024-06-15

·

CVE-2018-16140

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions fig2dev version 3.2.7a
Description A buffer underwrite issue in the get line() function allows an attacker to write prior to the beginning of the buffer via a crafted .fig file, potentially leading to a denial of service. The vulnerability is related to a buffer operation exceeding its boundaries in memory.
Recommendations For fig2dev version 3.2.7a, consider avoiding the use of the get line() function until a patch is available. As a temporary workaround, restrict the processing of .fig files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2020-01867
CVE-2018-16140
DLA-2073-1
MGASA-2019-0064
OPENSUSE-SU-2019:1455-1
OPENSUSE-SU-2019_1455-1
OPENSUSE-SU-2024:11472-1
SUSE-SU-2019:1291-1
SUSE-SU-2020:1806-1
SUSE-SU-2020_1806-1
USN-3760-1

Affected Products

Suse
Ubuntu
Fig2Dev