CVE-2009-4227
published 2009-12-08

Priority: P338, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.60% (95.2th percentile)
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | xfig | < xfig 1:3.2.5.b-1 (bookworm) | xfig 1:3.2.5.b-1 (bookworm)
xfig | xfig | <= 3.2.5b |
xfig | xfig | |
xfig | xfig | >= 0 < 1:3.2.5.b-1 | 1:3.2.5.b-1
xfig | xfig | >= 0 < 1:3.2.5.b-1 | 1:3.2.5.b-1
xfig | xfig | >= 0 < 1:3.2.5.b-1 | 1:3.2.5.b-1
xfig | xfig | >= 0 < 1:3.2.5.b-1 | 1:3.2.5.b-1

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 6.8 | MEDIUM
vendor_debian | 6.8 | LOW
vendor_redhat | 6.8 | MEDIUM