CVE-2019-14275
Description
Stack-based buffer overflow in fig2dev 3.2.7a calc_arrow() function may allow arbitrary code execution via crafted FIG file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The calc_arrow function in bound.c (line 956) of fig2dev version 3.2.7a, part of the Xfig package, contains a stack-based buffer overflow. The flaw occurs when processing a specially crafted FIG file, leading to a write of 4 bytes beyond the stack buffer boundary as reported by AddressSanitizer [1].
Exploitation
An attacker can trigger the vulnerability by providing a malicious FIG file to fig2dev. No authentication or special privileges are required; only the ability to supply the file. The overflow is triggered during the arrow bounding box calculation in calc_arrow.
Impact
Triggering the overflow overwrites adjacent stack data, which can potentially hijack control flow and lead to arbitrary code execution in the context of the user running fig2dev.
Mitigation
The issue was reported and fixed in a later version of fig2dev. Users should update to a patched version. As of the publication date, no official patch version number has been disclosed, but the ticket [1] tracks the fix. Affected users should monitor the project for updates.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (17)
- Xfig/fig2dev (description)
- osv-coords, 15 versions (< 3.2.6a-lp151.4.9.1 + 14 more):
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3
  - pkg:rpm/suse/transfig&distro=SUSE%20Package%20Hub%2015%20SP2
  - pkg:rpm/suse/transfig&distro=SUSE%20Package%20Hub%2015%20SP3
- (no CPE) range: < 3.2.6a-lp151.4.9.1
- (no CPE) range: < 3.2.6a-lp152.6.3.1
- (no CPE) range: < 3.2.8a-bp153.3.3.2
- (no CPE) range: < 3.2.8a-5.1
- (no CPE) range: < 3.2.8a-1.160.13.1
- (no CPE) range: < 3.2.8a-1.160.13.1
- (no CPE) range: < 3.2.5e-2.8.2
- (no CPE) range: < 3.2.5e-2.8.2
- (no CPE) range: < 3.2.5e-2.8.2
- (no CPE) range: < 3.2.5e-2.8.2
- (no CPE) range: < 3.2.6a-4.9.113
- (no CPE) range: < 3.2.6a-4.9.113
- (no CPE) range: < 3.2.8a-4.12.2
- (no CPE) range: < 3.2.8a-bp152.3.3.2
- (no CPE) range: < 3.2.8a-bp153.3.3.2
Patches
No patches discovered yet.
References (4)
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00043.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-11/msg00019.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.debian.org/debian-lts-announce/2020/01/msg00018.html (mitre, mailing-list, x_refsource_MLIST)
- sourceforge.net/p/mcj/tickets/52/ (mitre, x_refsource_MISC)