CVE-2019-19797
Description
Xfig fig2dev 3.2.7b has an out-of-bounds write in read_colordef() when processing a malformed color definition, potentially leading to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The read_colordef function in read.c of fig2dev version 3.2.7b contains an out-of-bounds write vulnerability. The issue occurs when processing a malformed color definition line in a .fig file. The parser fails to properly validate the length or format of the color string, leading to an invalid memory write. The bug was discovered through fuzzing and is triggered when the file contains a specially crafted color definition line [1].
Exploitation
An attacker can exploit this vulnerability by supplying a crafted .fig file to the fig2dev utility, for instance with the command ./fig2dev -Lbox <malicious_file>. The attacker does not require authentication or special privileges; the attack vector is local file parsing. The vulnerable code path is reached during the read_colordef call at read.c:488 when the program attempts to parse an invalid color definition [1].
Impact
Successful exploitation results in an out-of-bounds write of 4 bytes (a single integer value) beyond the intended buffer boundary, as observed in the Valgrind output [1]. This memory corruption could lead to a denial of service (crash) or potentially be leveraged for arbitrary code execution if the memory layout allows controlled corruption. The impact is limited to the privileges of the user running fig2dev.
Mitigation
As of the available references, no official patch or fixed version has been released. The advisory suggests the issue remained open until at least April 2021 [1]. Users should avoid processing untrusted .fig files with fig2dev 3.2.7b until a fix is provided. No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (24)
- Xfig/fig2dev (description)
- osv-coords, 22 versions (no CPE listed for any entry):
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.2, range: < 3.2.8a-lp152.6.6.2
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Leap%2015.3, range: < 3.2.8a-bp153.3.3.2
  - pkg:rpm/opensuse/transfig&distro=openSUSE%20Tumbleweed, range: < 3.2.8a-5.1
  - pkg:rpm/suse/transfig&distro=HPE%20Helion%20OpenStack%208, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3, range: < 3.2.8a-1.160.13.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS, range: < 3.2.8a-1.160.13.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2, range: < 3.2.8a-4.12.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3, range: < 3.2.8a-4.12.2
  - pkg:rpm/suse/transfig&distro=SUSE%20OpenStack%20Cloud%208, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20OpenStack%20Cloud%209, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209, range: < 3.2.8a-2.17.1
  - pkg:rpm/suse/transfig&distro=SUSE%20Package%20Hub%2015%20SP2, range: < 3.2.8a-bp152.3.3.2
  - pkg:rpm/suse/transfig&distro=SUSE%20Package%20Hub%2015%20SP3, range: < 3.2.8a-bp153.3.3.2
Patches (0)
No patches discovered yet.
References (4)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.debian.org/debian-lts-announce/2021/10/msg00002.html (mitre, mailing-list, x_refsource_MLIST)
- sourceforge.net/p/mcj/tickets/67/ (mitre, x_refsource_MISC)