Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

21 – 25 of 25 results

CVE-2019-19746

Medium priority
Vulnerable

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

2 affected packages

fig2dev, transfig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fig2dev Not affected Not affected Vulnerable Needs evaluation Not in release
transfig Not in release Not in release Not in release Not in release Not affected
Show less packages

CVE-2019-19555

Negligible priority

Some fixes available 2 of 5

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.

2 affected packages

fig2dev, transfig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fig2dev Not affected Not affected Fixed Fixed Not in release
transfig Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2019-14275

Negligible priority

Some fixes available 1 of 3

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

2 affected packages

fig2dev, transfig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fig2dev Not affected Not affected Not affected Fixed Not in release
transfig Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2018-16140

Medium priority

Some fixes available 2 of 4

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

2 affected packages

fig2dev, transfig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fig2dev Not affected Not affected Not affected Needs evaluation Not in release
transfig Not in release Not in release Not in release Not in release Fixed
Show less packages

CVE-2017-16899

Low priority
Ignored

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in...

2 affected packages

fig2dev, transfig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fig2dev Not affected Not in release
transfig Not in release Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. Next page
Export to JSON