CVE-2009-4228

2009-12-0818:30:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.005

Percentile

75.5%

JSON

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

OSVersionArchitecturePackageVersionFilename
Debian12allxfig<= 1:3.2.8b-2xfig_1:3.2.8b-2_all.deb
Debian11allxfig<= 1:3.2.8-3+deb11u1xfig_1:3.2.8-3+deb11u1_all.deb
Debian999allxfig<= 1:3.2.9-4xfig_1:3.2.9-4_all.deb
Debian13allxfig<= 1:3.2.9-4xfig_1:3.2.9-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xfig	<= 1:3.2.8b-2	xfig_1:3.2.8b-2_all.deb
Debian	11	all	xfig	<= 1:3.2.8-3+deb11u1	xfig_1:3.2.8-3+deb11u1_all.deb
Debian	999	all	xfig	<= 1:3.2.9-4	xfig_1:3.2.9-4_all.deb
Debian	13	all	xfig	<= 1:3.2.9-4	xfig_1:3.2.9-4_all.deb