Mcj

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via  create_line_with_spline.

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this…

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.