VYPR

Xfig

by Mcj

CVEs (25)

  • CVE-2023-45920MedMar 27, 2024
    risk 0.27cvss 4.2epss 0.00

    Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.

  • CVE-2009-4227Dec 8, 2009
    risk 0.04cvss epss 0.11

    Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a…

  • CVE-2010-4262Dec 17, 2010
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.

  • CVE-2009-4228Dec 8, 2009
    risk 0.00cvss epss 0.02

    Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

  • CVE-2009-1962Jun 8, 2009
    risk 0.00cvss epss 0.00

    Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9)…

Page 2 of 2