PT-2019-5480 · Xfig+3 · Xfig Fig2Dev+3

Frederic Cambus

Published

2019-07-26

Updated

2024-06-15

CVE-2019-14275

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xfig fig2dev version 3.2.7a

Description The issue is related to a buffer overflow in the calc arrow function, which can be exploited by an attacker using a specially crafted .fig file, potentially leading to a denial of service.

Recommendations For Xfig fig2dev version 3.2.7a, consider disabling the calc arrow function in the bound.c file as a temporary workaround until a patch is available.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2020-03221

CVE-2019-14275

DLA-2073-1

MGASA-2020-0116

OPENSUSE-SU-2020:1702-1

OPENSUSE-SU-2020:1843-1

OPENSUSE-SU-2020_1702-1

OPENSUSE-SU-2020_1843-1

OPENSUSE-SU-2021:1143-1

OPENSUSE-SU-2021:1311-1

OPENSUSE-SU-2021:1318-1

OPENSUSE-SU-2021:2454-1

OPENSUSE-SU-2021_1143-1

OPENSUSE-SU-2021_2454-1

OPENSUSE-SU-2024:11472-1

SUSE-SU-2020:1806-1

SUSE-SU-2020:2951-1

SUSE-SU-2021:14823-1

SUSE-SU-2021:2454-1

SUSE-SU-2021_14823-1

USN-5864-1

Affected Products

Linuxmint

Suse

Ubuntu

Xfig Fig2Dev

PT-2019-5480 · Xfig+3 · Xfig Fig2Dev+3

CVE-2019-14275

Weakness Enumeration

Related Identifiers

Affected Products

References · 78