Lucene search

RedhatCVE-2010-4262

HistoryDec 17, 2010 - 7:00 p.m.

CVE-2010-4262

2010-12-1719:00:21

CWE-119

redhat

web.nvd.nist.gov

cve-2010-4262

xfig 3.2.4

xfig 3.2.5

buffer overflow

denial of service

arbitrary code

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.

Affected configurations

Nvd

Node

xfigxfigMatch3.2.4

xfigxfigMatch3.2.5

VendorProductVersionCPE
xfigxfig3.2.4cpe:2.3:a:xfig:xfig:3.2.4:*:*:*:*:*:*:*
xfigxfig3.2.5cpe:2.3:a:xfig:xfig:3.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xfig	xfig	3.2.4	cpe:2.3:a:xfig:xfig:3.2.4:::::::*
xfig	xfig	3.2.5	cpe:2.3:a:xfig:xfig:3.2.5:::::::*

References

lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html

secunia.com/advisories/42579

www.mandriva.com/security/advisories?name=MDVSA-2011:010

www.openwall.com/lists/oss-security/2010/12/03/2

www.openwall.com/lists/oss-security/2010/12/06/8

www.securityfocus.com/bid/45177

www.vupen.com/english/advisories/2010/3232

www.vupen.com/english/advisories/2011/0108

bugzilla.redhat.com/show_bug.cgi?id=657981

bugzilla.redhat.com/show_bug.cgi?id=659676

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

Related for CVE-2010-4262