CVE-2023-45920

Vulnerability

Xfig v3.2.8 [1] contains a NULL pointer dereference vulnerability in the main() function when calling XGetWMHints(). The issue occurs when the X server or window manager returns a NULL value for window manager hints, which is not properly handled. The vulnerability is disputed because it is not expected that an X application should continue to run under arbitrary anomalous behavior from the X server or window manager [1].

Exploitation

An attacker would need to control or influence the X server or window manager to return a NULL value for XGetWMHints(). This could be achieved if the attacker has local access to the system and can manipulate the window manager or X server behavior. No user interaction beyond running Xfig is required, but the anomalous condition must be present.

Impact

Successful exploitation results in a denial of service (DoS) due to a segmentation fault (SEGV) caused by the NULL pointer dereference. The application crashes. No code execution or data corruption is indicated.

Mitigation

As of the publication date, no official patch has been released for Xfig v3.2.8. The vendor disputes the severity, considering it a rare edge case. Users may consider avoiding use of Xfig under untrusted X server or window manager environments. No workaround is provided.