High severity 7.1 · NVD Advisory · Published Nov 20, 2017 · Updated Jun 17, 2026
CVE-2017-16899
Description
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
Affected products (14)
- osv-coords (10 versions)
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.2.8a-5.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 3.2.5-160.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 3.2.5-160.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 3.2.5e-2.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 3.2.5e-2.3.2
Patches
Vulnerability mechanics
References (1)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Issue Tracking, Third Party Advisory)