paul

Advisories MDVSA-2011:010: xfig


Multiple vulnerabilities have been found and corrected in xfig:

Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information (CVE-2009-4227).

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c (CVE-2009-4228).

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition (CVE-2010-4262).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
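
The bug class behind the "long string" entries above, shown as an added example that is not part of the advisory and is not xfig or Transfig code: a line-oriented parser that bounds the text field before copying it into a fixed-size buffer. The record layout, `TEXT_MAX` and `parse_text_record` are assumptions made for this illustration and are not the real 1.3 text object format.

```c
#include <stdio.h>
#include <string.h>

#define TEXT_MAX 512 /* assumed buffer size for this example, not xfig's */

/* Unsafe pattern, shown only as a comment: "%[^\n]" has no field width,
 * so a long string in the file is written past the end of buf:
 *     char buf[TEXT_MAX];
 *     sscanf(line, "%d %d %d %d %[^\n]", &font, &size, &x, &y, buf);
 */

/* Parse one constructed record "<font> <size> <x> <y> <text>\n".
 * Returns 0 on success, -1 if malformed, -2 if the text does not fit. */
int parse_text_record(const char *line, int *font, int *size, int *x, int *y,
                      char *text, size_t text_sz)
{
    int consumed = 0;

    if (text_sz == 0)
        return -1;
    /* %n records where the numeric header ends; it is not counted in
     * sscanf's return value. */
    if (sscanf(line, "%d %d %d %d %n", font, size, x, y, &consumed) != 4
        || consumed <= 0)
        return -1;

    const char *s = line + consumed;
    size_t len = strcspn(s, "\n");  /* length of text up to end of line */
    if (len == 0)
        return -1;
    if (len >= text_sz)             /* reject oversized input, do not truncate */
        return -2;
    memcpy(text, s, len);
    text[len] = '\0';
    return 0;
}

int main(void)
{
    int font, size, x, y;
    char text[TEXT_MAX];
    const char *sample = "0 12 100 200 Hello world\n"; /* constructed input */

    if (parse_text_record(sample, &font, &size, &x, &y, text, sizeof text) == 0)
        printf("font=%d size=%d at (%d,%d): %s\n", font, size, x, y, text);
    return 0;
}
```

Rejecting an oversized field with a distinct return code lets the caller refuse the whole file instead of loading a silently truncated object.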
