CVE-2019-14275Out-of-bounds Write in Project Fig2dev

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow10 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 33.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Fig2dev Project Fig2devDebian LinuxOpensuse Leap+1 more
Timeline
PublishedJul 26
Latest updateFeb 13

Description

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianfig2dev_project/fig2dev< 1:3.2.7a-7+3
Ubuntufig2dev_project/fig2dev< 1:3.2.6a-6ubuntu1.1+1
NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
OSV
fig2dev vulnerabilities2023-02-13
GHSA
GHSA-3cjq-m2rg-gw63: Xfig fig2dev 32022-05-24
OSV
CVE-2019-14275: Xfig fig2dev 32019-07-26
CVEList
CVE-2019-14275: Xfig fig2dev 32019-07-26

📋Vendor Advisories

3
Ubuntu
Fig2dev vulnerabilities2023-02-13
Red Hat
transfig: stack-based buffer overflow in calc_arrow in bound.c2019-07-26
Debian
CVE-2019-14275: fig2dev - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function...2019

💬Community

2
Bugzilla
CVE-2019-14275 transfig: stack-based buffer overflow in calc_arrow in bound.c2020-02-07
Bugzilla
CVE-2019-14275 transfig: stack-based buffer overflow in calc_arrow in bound.c [fedora-all]2020-02-07
CVE-2019-14275 — Out-of-bounds Write in Project Fig2dev | cvebase